Security Violation For Authorized CICS User Defined Resource

Document ID : KB000045318
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Defined a user defined resource class and Permitted a resource in that resource class to a user.

When the user access the resource they receive a security violations. Why?

Answer:

Check the CICS facility to see if the NORES or RES facility control option is set. If NORES is set, this needs to be changed to RES so rules for prefixed resources get loaded into the security record for the user.

NORES on a FACILITY means permits for maskable resources will not be loaded into the user's security record when the user signs on. This would mean that the user is not authorized even though the user has a PERMIT for the maskable resource because the permission was never loaded in storage.

NORES was used to conserve storage in the olden days. RES means that all permissions are loaded into storage. Since the user record is now loaded in 31 bit high private, there are no longer storage concerns when specifying RES on a facility.

When changing from NORES to RES on a FACILITY, a recycle of the region is required to pick up the change.

Additional Information:

Please see the CA Top Secret Control Options Guide for more details about the FACILITY control option RES/NORES.