Run Task Security Exit
The Run Task security exit control point provides a standard interface to verify that the user is authorized to run the specified program. IBM® Connect:Direct® passes the exit security information about the user, the program name, and the parameters being passed to the program. Specific implementation details include the following:
- The Run Task exit is implemented as an executable load module.
- The name of the load module is user-defined, but cannot conflict with any IBM Connect:Direct load module names.
- Specify RUN.TASK.EXIT=(modname) in the initialization parameters to activate the Run Task exit.
- You must link-edit the module as re-entrant and place it in a load library that the DTF can access.
- Because information passed to the exit by IBM Connect:Direct is located above the 16 megabyte line, you must link-edit the module with AMODE ANY to make it capable of executing in 31-bit mode.
For additional information about exits, see IBM Connect:Direct Exits.
Sample Run Task Security Exit
The $CD.SDGASAMP library contains a sample source module for the most used security systems. Sample exit routines are:
- DGAXRACT for IBM RACF and CA-TOP SECRET
- DGAXACFT for CA-ACF2
- DGAXSAFT for CA-ACF2 using the Security Access Facility
An IBM Connect:Direct Stage 2 Exit, DGAXSBRX can be used on the SNODE as RUN TASK EXIT to restrict and reject the use of RUN TASK function. As an exception, node names of PNODEs that are allowed to execute this function on this SNODE are defined in a table. If the nodename in process matches an entry in the table the function is allowed to continue otherwise the process is rejected with a return code of 8 and msgid of SVTM667I.
You can use the sample exit as a model to implement specific requirements.