How can the default logonid in CICS be stopped from getting a violation for CQRY?
error - dfhac2003 cics1 security violation has been detected term id = ABC1 trans id =CQRY user id = DFTCICS
IBM uses transactions that start with C. CQRY is a type 3 transaction per IBM. The transaction is used to query a terminal on its capabilities based of the TYPETERM definitions in the DFHCSD. This is done before a user logs on.
We recommend in CICS that all IBM transactions should be on the SAFELIST in the ACF2 parms for CICS, except for critical transactions that should be protected via the PROTLIST. ACF2 comes with the following defined:
SAFELIST RESOURCE=TRANS,ENTRY=C*** CICS STANDARD TRANS
PROTLIST RESOURCE=TRANS,ENTRY=CEBR TEMPORARY STORAGE BROWSE
PROTLIST RESOURCE=TRANS,ENTRY=CECI COMMAND INTERPRETER
PROTLIST RESOURCE=TRANS,ENTRY=CEDA RESOURCE DEFINITION ONLINE
PROTLIST RESOURCE=TRANS,ENTRY=CEDF EXECUTION DIAGNOSTIC FACILITY
PROTLIST RESOURCE=TRANS,ENTRY=CEMT MASTER TERMINAL TRANS
PROTLIST RESOURCE=TRANS,ENTRY=CSMT MASTER TERMINAL TRANS
CQRY needs to be added to the SAFELIST in the ACF2/CICS parms in order for ACF2 violations to stop.