We are using the HPO EXCI interface for batch CA DADS Plus requests. We have security set up on the EXCI connection to our CICS regions via an ACF2 facility rule that only allows Production Batch IDS and SYSTEMS Support groups to open/close files in a CICS region. We had a developer submit a file close batch job and although the job did identify an ACF2 violation against the facility rule, the file close did post to the DADSBIF file and closed a production file during the business day shutting down an application. We need to know why this happened and how can we secure our connection to production regions. 

When a batch request is submitted the request is first written to the DADSBIF file. The CA DADS then determines if the request is an EXCI option and if so the job runs immediately. In this case security stepped in and terminated the EXCI request. But since the request is on the batch interface file the scan interval SCAN INTERVAL (SECS) 300 five minutes processed the request. You can see in the DADSLOG that the batch job ran for five minutes and processed the deallocate of the file.

In order to prevent unauthorized users submitting batch jobs that could accidently run in the production environment you will need lock down the DADSBIF file. Securing the EXCI connection is not going to prevent unauthorized requests from running in production. We have another scenario that will not be detected by security. 

When a user submits a batch job it’s first written to the BIF file. Then DADS reads the APPLID record to determine if the Batch Interface is active by checking time stamps of the last scan interval. If the batch interface is not active CA DADS assumes the CICS region is not active. CA DADS then looks at another APLLID parameter (the NOT ACTIVE PARM) and in your CASE it is QUEUE. (NOT ACTIVE PARM QUEUE ) The QUEUE option tells CA DADS to set a return code zero on the  CA DADS step and the rest of the batch job runs to update the production files. This QUEUE’D request on the batch interface file can be run at the next CICS startup time if the control file setting is set to run queue’d requests at start time.

So if your CICS region is NOT active(down) and a user accidently writes a queue’d deallocate request to the production DADSBIF this queue’d request could be executed by the DADS PLTPI program at startup time. This would cause you production file to be deallocated after control has been given to CICS.

In Summary the solution here is to only allow authorized users to have write access to the production DADSBIF files.