How can the default logonid in CICS be stopped from getting a violation for CQRY? 

error - dfhac2003 cics1 security violation has been detected term id = ABC1 trans id =CQRY user id = DFTCICS 

IBM uses transactions that start with C. CQRY is a type 3 transaction per IBM. The transaction is used to query a terminal on its capabilities based of the TYPETERM definitions in the DFHCSD. This is done before a user logs on. 

We recommend in CICS that all IBM transactions should be on the SAFELIST in the ACF2 parms for CICS, except for critical transactions that should be protected via the PROTLIST. ACF2 comes with the following defined: 

  SAFELIST RESOURCE=TRANS,ENTRY=C*** CICS STANDARD TRANS

  PROTLIST RESOURCE=TRANS,ENTRY=CEBR TEMPORARY STORAGE BROWSE 

  PROTLIST RESOURCE=TRANS,ENTRY=CECI COMMAND INTERPRETER 

  PROTLIST RESOURCE=TRANS,ENTRY=CEDA RESOURCE DEFINITION ONLINE

  PROTLIST RESOURCE=TRANS,ENTRY=CEDF EXECUTION DIAGNOSTIC FACILITY 

  PROTLIST RESOURCE=TRANS,ENTRY=CEMT MASTER TERMINAL TRANS 

  PROTLIST RESOURCE=TRANS,ENTRY=CSMT MASTER TERMINAL TRANS 

CQRY needs to be added to the SAFELIST in the ACF2/CICS parms in order for ACF2 violations to stop.