Controlling the security of CICS transactions supplied by WebSphere MQ

The CKTI and CKAM transactions are designed to be run without a terminal; no user should have access to these transactions. These transactions are examples of what the CICS RACF Security Guide calls "category 1 transactions". For information about how to set these transactions up in CICS and RACF, see the information about category 1 transactions in the CICS RACF Security Guide.

If you want a user to administer the CICS adapter, grant the user authorization to these transactions:

CKQC Controls the CICS adapter functions
CKBM Controls the CICS adapter functions
CKRT Controls the CICS adapter functions
CKCN Connect
CKSD Disconnect
CKRS Statistics
CKDP Full screen display
CKDL Line mode display
CKSQ CKTI START/STOP

If required, we can restrict access to specific functions of the adapter. For example, if you want to allow users to display the current status of the adapter through the full screen interface, but nothing else, give them access to CKQC, CKBM, CKRT, and CKDP only.

You should define these transactions to CICS with RESSEC(NO) and CMDSEC(NO). For more details, see the CICS RACF Security Guide. For information about the security of the CICS transactions supplied by WebSphere MQ for remote queuing, see the WebSphere MQ Intercommunication manual.