Developer Only Version of CICS Explorer

Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - Transaction Processing
Product - CICS Transaction Server

For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Transaction Processing
Product - CICS Transaction Server

This functionality ia available in CICS Explorer 5.1.1 which is available from June 14th 2013

This functionality will be available in Explorer 5.1.1. which was announced April 23rd 2013 and will GA June 14th 2013.

Hi William,
This is excellent - thank you very much for your detailed information.  This really helps us to understand your setup and the scenario you're trying to solve
Best regards and many many thanks,
Joe

Looks like my comments are still getting lost so here we go again.

Westifled Insurance like many financial institutions has a completely locked down PC environment. It is the rare individual that even has access to his/her C: drive! In addition we have Sophos Guardian preventing any write capabilities on our USB ports. We can get data in but NEVER write on a USB or CD/DVD device. If you understand that you can see why any security person here would get nervous looking at CICS Explorer with it's capabilites to create/update CICS system defintions (a role for only the system programmer).

At Westfield CICS Explorer for developers would only be available from a read only network drive with a shortcut to cicsexplorer.exe on the desktop. There would be no way at Westfield for a developer to download their own copy of CICS Explorer and modify it in any way.

The option you mention of "skinning" the CICS Explorer via some z/FS folder would be the most agreeable. Our security here is RBAC (Role Based Access Control), so the security people would totally lock down that folder and have role - explorer version pairs in there. At connect time the users role would be obtained and looked up in that folder. We don't have CICSPlex running here so we wouldn't need any subfolder by plex.

Hope this comment is usefull. Thank you.

Hi William,

How would you make your copies of the CICS Explorer available to your users - is this via a shared network drive users don't have write access to, or via a Java Web Start launch ?   The reason we are asking is that we could put something in the product such as a setting in a file that wasn't visible on a preference page which controlled this behaviour, but then there'd be nothing to stop a user from finding this and unsetting it so solutions like that tend to only work if the location of the CICS Explorer was read only.  However users could then always download a full version from a web site and enter the host/port and connect to a CICS region and bypass this entirely.
Maybe if there was a way that when a user connected there was a host setting that you controlled that we could query, and then "skin" the CICS Explorer based on that.  Presumably your users can connect to the FTP port to get access to the z/OS perspective views, so if we had a file on z/FS that you controlled the permissions for updating that listed users and privileges, then on connection maybe we could check this file and cross reference.  You really want this when the user connects to CICS though, so we'd need to maybe flow this through the CICS SM connection, possibly with a SIT parm on the region or having the z/FS folder named based on the CICS plex, like "/u/cics_explorer/permissions/plex, and when you connect to a CICS system once we have the plex we could then go through FTP to get this file and read it and cross match permissions ?
These are mainly thoughts just to guage what kind of solution would and wouldn't work for you ?
Thanks for the RFE by the way - we're new to this in CICS and loooking forward to getting discussions going where we can bounce ideas back and forth.

It looks like my answer got lost so here it is again.

For the first question. I would like to retain the z/OS and Projects perspectives in a developer only version of the CICS Explorer.

The short answer to the second question is that I would like to have the same capabilities as the old fashioned CEMT INQ/SET but not PERFORM and CEDC but not CEDB or CEDA transactions.

In my CICS SM perspective I have Operations and Defintions on the Menue Bar. I would like to be able to see every CICS resource with those choices. By that I mean I do not want only the RDz cut down resources to show. On the Definitions choice I would remove any capability to discard, create, or install any resource definition and the New.. context option in any resource definition or operation choice.

As far as implementing this version of CICS Explorer, I do not want the users to control this with a Window>Preferences>Capabilities but "to control this from a rollout viewpoint so you as the system administrator get a CICS Explorer - then set some properties in files which "skin" the CICS Explorer - and then make this avialable to your users ? If so then an educated user could still go into the right file and change/remove the line that controls it."

Thank you.

I guess I was mistaken about not being able to create definitions from one of the Definitions Menu bar choices. The New.. capability would have to be removed from a developer only version of CICs Explorer.

Thank you for the RFE. We have a number of questions which we would like your input on.
    For the scenario where it is for exclusive use of the application developer, what do you want to leave behind ?  Do you still want the z/OS perspective and views ?  Do you still want the CICS SM perspective and views ?  If you still want the CICS SM perspective do you want any of its views removed, for example RD/z removes all administration views as it doesn't want to enable direct CSD access, and for the operations menu its removes TCP/IP services, MRO connections, etc.. .as it only wants to let developers work with Files, Programs, TDQueues, and so forth (the things developers need to test/debug their code). 
Do you want to allow users to control this with a capability - for example in Explorer you can go Window>Preferences>Capabilities and enable/disable team support which is there but hidden by default.  Or do you want to control this from a rollout viewpoint so you as the system administrator get a CICS Explorer - then set some properties in files which "skin" the CICS Explorer - and then make this avialable to your users ?  If so then an educated user could still go into the right file and change/remove the line that controls it.