Customizing security processing
You can customize security processing by invoking a security manager other than RACF, and
by writing a "good night" transaction. 
You can also use SAML.
Authorization routines
In z/OS®, do not install SVCs or PC routines that return control to their caller in any authorized mode: that is, in supervisor state, system PSW key, or APF-authorized. Doing so is contrary to the z/OS Statement of Integrity.
If you invoke such services from CICS®, you might compromise your system integrity, and any resultant problems will not be resolved by IBM® Service.