I have a requirement to enable ACF2 security for CICS transactions to control field / record level security. I do not have access to the transaction codes / script, and do not know what the field name at the back end.
Example:
EMPL [transaction screen]
Option ===> I - Insert, D - Deleted, M - Modify
ACF2 ID ===>
Name ===>
Mail Drop ===>
Division# ===>
Work Phone ===>
This is all I have, now I have to control this EMPL transaction fields access. I understand, I can add SERVICE parameter in the access rule to control Read / Add / Delete / Update, but, I want control on the Option keyword, ACF2 ID keyword, Name, etc.
My access rules should be
$KEY(EMPL) TYPE(CKC) -> Transaction security
$KEY(OPTIONI) TYPE(***) -> Option I keyword security access rule
$KEY(OPTIOND) TYPE(***) -> Option D keyword security access rule
...
$KEY(WORK PHONE) TYPE(***)
This type of security may become uncontrolled / not monitored without relating it to the actual field at the backend / script. I do not know the DFHCSD dataset names or their layout / format if it applies. Given the current situation with limited information, I am required to make security rules based on this front end / field names, only known information. Is Maintaining Field records / Record level protection [& Protecting screen input] section of ACF2 Admin guide / CICS guide the best approach to accomplish my requirement.
I appreciate if anyone can post sample rules or provide detailed information in this regard.
Note, there will be two different security, 1) Who can access which OPTION; 2) Who is allowed to modify / access which field [ACF2 ID, NAME, Mail Drop, etc.]
Running on zOS 2.1 ACF2 r15 CICS 5.1 [moving to 5.3]
Thank you.