Functional Authority Validation Sequence

The security-checking sequence follows:

  1. When the stage 2 security exit is called to determine IBM® Connect:Direct® functional authority for a user (at signon or Process start), it first checks with the security subsystem (that is, CA-ACF2, IBM RACF, or CA-TOP SECRET) to determine if the user can read the Administrator data set. If so, the authority of the user is set as an Administrator.
  2. If the user is not allowed to read the Administrator data set, the exit checks whether the user can read the Operator data set. If so, the user is given Operator authority.
  3. If the user is not allowed to read the Operator data set, the exit checks to see if the user can read the Data Base Administrator data set. If so, the user is given Data Base Administrator authority.
  4. If the user is not allowed to read the Data Base Administrator data set, and the stage 2 exit includes GENDSN=NULLFILE, the user is given General User authority. If you specify a data set name for GENDSN, the exit either assigns the user General User authority if the user can read the data set, or disables the IBM Connect:Direct function requested (signon or Process execution) if the user cannot read the data set.
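
The sequence above, modeled as an added example (not IBM code and not the stage 2 exit itself) that resolves each user's functional authority from the data sets the security subsystem lets them read, and flags read access that has no effect because a higher-ranking data set is matched first. The role keys `ADMIN`, `OPER`, `DBA`, `GEN`, the user IDs and the data set name in the test are constructed for illustration.

```python
from enum import Enum

class Authority(Enum):
    ADMINISTRATOR = "Administrator"
    OPERATOR = "Operator"
    DBA = "Data Base Administrator"
    GENERAL_USER = "General User"
    DENIED = "function disabled"

# Order in which the exit probes the privileged data sets (steps 1-3).
PRIVILEGED_ORDER = [
    ("ADMIN", Authority.ADMINISTRATOR),
    ("OPER", Authority.OPERATOR),
    ("DBA", Authority.DBA),
]

def resolve_authority(readable, gendsn="NULLFILE"):
    """readable: set of role keys whose data set the user may READ."""
    for role, authority in PRIVILEGED_ORDER:
        if role in readable:
            return authority          # first readable data set wins
    if gendsn == "NULLFILE":
        return Authority.GENERAL_USER  # step 4: no read check is made
    return Authority.GENERAL_USER if "GEN" in readable else Authority.DENIED

def audit(users, gendsn="NULLFILE"):
    """Return {user: (authority, notes)} for an access matrix."""
    report = {}
    for user, readable in users.items():
        authority = resolve_authority(readable, gendsn)
        held = [role for role, _ in PRIVILEGED_ORDER if role in readable]
        notes = []
        if len(held) > 1:
            notes.append(f"read access to {', '.join(held[1:])} is masked by {held[0]}")
        if authority is Authority.GENERAL_USER and gendsn == "NULLFILE":
            notes.append("General User granted without a read check (GENDSN=NULLFILE)")
        report[user] = (authority, notes)
    return report

# Constructed sample access matrix: user ID -> data sets the user can read.
SAMPLE = {
    "ALICE": {"ADMIN", "OPER"},
    "BOB": {"OPER"},
    "CAROL": {"DBA", "GEN"},
    "DAVE": set(),
    "ERIN": {"GEN"},
}
```

Because read access to a data set is the authority grant, the access rules on the Administrator, Operator and Data Base Administrator data sets in the security subsystem deserve the same review as any other privileged-role assignment.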