Security Refresh of a CICS region

Article ID: 247387


Products

ACF2 - z/OS

Issue/Introduction

What setting or parameter within a CICS region controls the frequency of the region's security refresh?

 

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

There are two options to refresh security in CICS:

- If the rules are globally resident (i.e. specified in the C(GSO) INFODIR record), first issue a rebuild command for the specific type code as shown below:

F ACF2,REBUILD(typ)

And then run the ACFM function RC, option RESET, to reset the cache. If the cache is not reset when rules change, users previously granted access to resources could gain access through the session cache, even though the new rules do not authorize access. 

- If the rules are locally resident, there is no need to issue the F ACF2,REBUILD(typ) command, but do run the ACFM function RC, option RESET, to reset the cache.

If multiple CICS regions share the same databases on an LPAR, and one region picks up a change after a user is added to a role while another region does not, check the USRDELAY setting in the CICS SIT parameters and decrease it to an appropriate value. The USRDELAY parameter applies to AOR regions only, and the CICS region needs to be cycled after making the change.

The USRDELAY system initialization parameter specifies the
maximum time, in the range 0 - 10080 minutes (up to seven days), that an
eligible user ID and its associated attributes are to be retained in the CICS®
region after use. A user ID that is retained in the user table can be reused