Question:
How do I stop the default logonid in CICS getting a violation for CQRY?
error - dfhac2003 cics1 security violation has been detected term id = ABC1 trans id =cqry user id = dftcics
Answer:
IBM uses transaction that start with C. CQRY is a type 3 transaction per IBM. The transaction is used to query a terminal on its capabilities based of the TYPETERM definitions in the DFHCSD. This is done before a user logs on.
CA recommends in CICS that all IBM transaction should be on the SAFELIST in the ACF2 parms for CICS, except for the critical ones that should be protected via the PROTLIST and then ACF2 rules. CA ships:
SAFELIST RESOURCE=TRANS,ENTRY=C*** CICS STANDARD TRANS
PROTLIST RESOURCE=TRANS,ENTRY=CEBR TEMPORARY STORAGE BROWSE
PROTLIST RESOURCE=TRANS,ENTRY=CECI COMMAND INTERPRETER
PROTLIST RESOURCE=TRANS,ENTRY=CEDA RESOURCE DEFINITION ONLINE
PROTLIST RESOURCE=TRANS,ENTRY=CEDF EXECUTION DIAGNOSTIC FACILITY
PROTLIST RESOURCE=TRANS,ENTRY=CEMT MASTER TERMINAL TRANS
PROTLIST RESOURCE=TRANS,ENTRY=CSMT MASTER TERMINAL TRANS
So the bottom line is that CQRY needs to be added to the SAFELIST in the ACF2/CICS parms.