How is security set for the XPFS and XPFT transactions in a CICS region?

Document ID : KB000054022
Last Modified Date : 14/02/2018

Description:

Some clients ask how they should set security for the XPFS and XPFT transactions in a CICS region. These transactions are usually run through the INIT and TERM line commands on the SYSVIEW CICSLIST panel. By default, they run under the CICS default user, which consequently must be granted the right to run them. You probably do not want to give that right to the CICS default user, because all users would then be able to stop and start SYSVIEW CICS monitoring directly from within CICS.

Solution:

There is nothing that can be done in SYSVIEW itself to control this. Unlike the XPFI transaction, which can be controlled through the instructions in 'Assign a userid to the XPFI CICS transaction' under the TOPICS facility of SYSVIEW, the XPFS and XPFT transactions are controlled by the security settings of the CICS Console terminal definition, which determine the userid assigned to that terminal.

The INITPARM method is available to assign a userid to the XPFI transaction because SYSVIEW itself starts that transaction programmatically, but XPFS and XPFT are invoked externally to SYSVIEW's control.

So, in the CICS Resource Definition Guide under TERMINAL, look at the USERID attribute.

SYSVIEW carries out the INIT and TERM commands by issuing an MVS MODIFY command to the CICS region to run the XPFS or XPFT transaction. CICS should then receive, process and run the transaction on its Console terminal. It is therefore the security settings of the CICS Console terminal definition that control the userid assigned to it.
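
An added example, not taken from the original article or the vendor's documentation: DFHCSDUP input that defines the console terminal with a preset USERID, so that XPFS and XPFT run under a dedicated userid instead of the CICS default user. The terminal name, group, list, console name and userid are all placeholders (assumptions) to be replaced with site values; the dedicated userid is then the one granted access to XPFS and XPFT in the external security manager.

```text
* Constructed example: every name below is a site-specific placeholder.
*
* Before: console terminal with no USERID. Transactions entered through
* an MVS MODIFY from this console run under the CICS default user.
*
*   DEFINE TERMINAL(CNS1) GROUP(SYSVCONS)
*          TYPETERM(DFHCONS)
*          CONSNAME(CONSNAME)
*
* After: the same definition with a preset USERID. XPFS and XPFT arriving
* on this console run under SYSVOPER, so only SYSVOPER needs access to
* them and the CICS default user does not.
* CONSNAME must match the console name the MODIFY command arrives from.
*
DEFINE TERMINAL(CNS1) GROUP(SYSVCONS)
       TYPETERM(DFHCONS)
       CONSNAME(CONSNAME)
       USERID(SYSVOPER)
       DESCRIPTION(CONSOLE FOR SYSVIEW INIT AND TERM)
*
* The group must be in a list that the region installs at startup.
ADD GROUP(SYSVCONS) LIST(SITELIST)
```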