The system authorization facility (SAF) and the SAF router are present on all MVS™ systems, even if RACF® is not installed. Although the SAF router is not part of RACF, many system components and programs invokes RACF through the RACROUTE macro and SAF. Therefore, installations can modify RACF parameter lists and do customized security processing within the SAF router.

Depending on the level of JES programming support available on your system, JES can invoke the system authorization facility (SAF) after it reads a job. JES issues the RACROUTE macro with the REQUEST=VERIFY and ENVIR=VERIFY parameters. This invocation of SAF does not result in a call to RACF; it provides an opportunity for the installation to install its own user ID verification with the SAF router exit.

The router exit must have RMODE(24) and AMODE(ANY).