Policy scopes

Policies are defined in CICS® bundles. The scope of a policy describes how it is applied to CICS user tasks.

Policies are deployed to a specific scope. The scope can be either a region scope, a platform scope, an application scope, or an operation (within an application) scope.

When a policy is deployed with a platform scope, it applies to all user tasks within the platform that have the matching platform in their application context. When a policy is deployed with an application scope, it applies to all user tasks within the platform that have the matching platform, application, and application version information in their application context. When a policy is deployed with an operation scope, it applies only to user tasks that also match the operation.

A policy can also be deployed with region scope, in which case it applies to all user tasks that are running in that CICS region. This method is useful in a stand-alone CICS region (SMSS) where you are not able to define a platform and applications.

Table 1. Policy scoping
Effective policy scope What the policy rules apply to How the policy is deployed
 1 Region. The policy rules apply to all user tasks that run in the CICS region to which you deploy the policy. The policy is deployed as a CICS BUNDLE resource defined in the CSD or CICSPlex® SM data repository, and installed into any CICS region.
 2 Platform. The policy rules apply to all user tasks within the platform that have the matching platform in their application context. When you define a CICS Platform project, you add to it the CICS bundles that contain policy definitions to be deployed with the platform. If you want to deploy a policy to an already active platform, export the policy bundle to the platform home directory in zFS, then use the CICS Explorer® ADDBUNDLE operation dialog to install it into a region type. For more information about the ADDBUNDLE operation dialog, see Adding a CICS bundle to a platform.
 3 Application. The policy rules apply to all user tasks within the platform that have the matching platform, application, and application version information in their application context. When you define a CICS Application project, you add to it the CICS bundles that contain policy definitions to be deployed with the application. Alternatively, you can also deploy CICS bundles with the application binding, depending on the architecture of your application.
 4 Operation. The policy rules apply to all user tasks within the platform that have the matching platform, application, and application version and operation information in their application context. First, you define the policies in a CICS bundle. You then define the scoping for the operation by editing the CICS bundle manifest with the CICS manifest editor to define an application entry point and a policy scope. Finally you add the CICS bundle to a CICS Application project for deployment. CICS bundles that define a policy scope for an operation cannot be deployed with a platform project or added to an already active platform by using the ADDBUNDLE operation dialog. For more information, see Defining policy scopes and Defining application entry points.
When a policy is installed into a CICS region, CICS combines its rules with all of the other policies that are deployed with different scopes in that CICS region to determine a set of rules that apply for each unique runtime scope. Policy rules that are deployed with different scopes might apply to the same task. You can use the Cloud Explorer view in CICS Explorer to determine which set of policy rules apply to a task. For example:
  • If you query policy rules against a particular application version, you see an aggregation of the policy rules for scopes  1 ,  2 , and  3 . This set of rules applies to all user tasks for this application version.
  • If you query policy rules against a specific operation of an application, you see an aggregation of the policy rules that apply at scopes  1 ,  2 ,  3 , and  4 . This query shows any additional policy rules that apply to a specific operation of an application, as well as the policy rules that apply to the application.
  • If you query policy rules against a platform, you see an aggregation of the policy rules that apply at scopes  1  and  2 . This query shows you all the policy rules that apply to all application tasks that run on the selected platform. It is a subset of the policy rules you see if you query the policy rules for a specific application (or application operation) running on that platform.
  • Similarly, if you query policy rules against a region type, you see an aggregation of the policy rules that apply at scopes  1  and  2 . This query shows you all the policy rules that apply to all application tasks that run in regions of this type on the platform.
As policy rules can be aggregated in this way CICS maintains a number of sets of policy rules as follows:
  • A set of all policy rules with region scope.
  • A set of all policy rules with platform scope; one for each platform that a specific CICS region is a member of.
  • A set of all policy rules for a particular application version; one set for each application version that is deployed in the CICS region.
  • A set of all policy rules for each operation of an application version; one set for each operation of an application version.
When a new user task is attached, CICS associates one of these sets of policy rules with the task at one of two points in the task's lifetime:
  1. When a task's initial program is called. At this point, depending on whether the tasks application context is set, CICS will:
    • If the task's application context is set, CICS applies the set of policy rules whose scope best matches the task's application context. CICS checks for the best match as follows:
      1. CICS first checks for a set of rules whose scope matches the platform, application, application version, and operation in the task's application context.
      2. If no match is found CICS then checks for a set of rules that match the platform, application and application version in the task's application context.
      3. If still no match is found CICS then checks for a set that match on platform name only.
      4. If still no match is found CICS then checks for a set of rules that apply for the region.
      5. If still no match is found, then the task executes without any policy rules.
      For the remainder of this task's lifetime these are the policy rules that are enforced. Even if the application context changes, the policy rules remain the same.
    • If the task's application context is not set, then CICS just associates the set of region policy rules, if any, with the task
  2. When a task invokes an application entry point program by using EXEC CICS LINK, XCTL or INVOKE APPLICATION. If the application context was set at the time the task's initial program was called, then the policy rules for the task remain unchanged. However, if the application context was not set at the time the initial program was called, then CICS looks for the best set of policy rules that match the task's application context as above, and if a match is found this set of policy rules replaces any region scoped policy rules that are associated with the task when the initial program was called. This new set includes any such region scoped rules.
For more information about application context, see Application context in Product overview.

During task execution, CICS applies the policy rules of a specific type in order of lowest threshold to highest threshold. Where multiple rules apply at the same threshold, CICS processes message action rules first, then event action rules, and finally abend action rules. This method ensures that messages and events are emitted before a task is abended.