Controlling the security of CICS transactions supplied by WebSphere MQ
The CKTI and CKAM transactions are designed to be run without a terminal; no user should have access to these transactions. These transactions are examples of what the CICS RACF Security Guide calls "category 1 transactions". For information about how to set these transactions up in CICS and RACF, see the information about category 1 transactions in the CICS RACF Security Guide.
If you want a user to administer the CICS adapter, grant the user authorization to these transactions:
CKQC Controls the CICS adapter functions CKBM Controls the CICS adapter functions CKRT Controls the CICS adapter functions CKCN Connect CKSD Disconnect CKRS Statistics CKDP Full screen display CKDL Line mode display CKSQ CKTI START/STOP If required, we can restrict access to specific functions of the adapter. For example, if you want to allow users to display the current status of the adapter through the full screen interface, but nothing else, give them access to CKQC, CKBM, CKRT, and CKDP only.
You should define these transactions to CICS with RESSEC(NO) and CMDSEC(NO). For more details, see the CICS RACF Security Guide. For information about the security of the CICS transactions supplied by WebSphere MQ for remote queuing, see the WebSphere MQ Intercommunication manual.