Connection security profiles for CICS connections

Profiles for checking connections from CICS take the form:

hlq.CICS

where

hlq can be either qmgr-name (queue manager name) or

qsg-name (queue-sharing group name). If you are using both queue manager and queue-sharing group level security, WebSphere MQ checks for a profile prefixed by the queue manager name. If it does not find one, it looks for a profile prefixed by the queue-sharing group name. If it fails to find either profile, the connection request fails

For connection requests by CICS, we need only permit the CICS address space user ID access to the connection profile.

For example, the following RACF commands allow the CICS address space user ID KCBCICS to connect to the queue manager TQM1:

RDEFINE MQCONN TQM1.CICS UACC(NONE)
PERMIT TQM1.CICS CLASS(MQCONN) ID(KCBCICS) ACCESS(READ)