Authorizing transactions
Transaction authorization determines if a user ID is permitted to use a certain transaction. You can use an exit routine, RACF®, or both to perform the transaction authorization. To gradually phase in RACF as your installation's transaction authorization method, use the Transaction Authorization exit routine (DFSCTRN0).
This routine can reject the transaction if the transaction is entered by an ETO terminal but is not protected by RACF. If you use both DFSCTRN0 and RACF, DFSCTRN0 is effective only after RACF has authorized the transaction or when the transaction is not defined to RACF. DFSCTRN0 is described under Preparing security exit routines.
If you specify the REVERIFY option to RACF, the user must reenter the signon password with each transaction code. REVERIFY is not supported when a takeover occurs in an XRF complex. Users might need to sign on again after a takeover if they are not on a class-1 terminal.
With program-to-program switching through the DL/I change (CHNG) call or by changing the transaction code in the SPA, you can use RACF, an exit routine, or both, to check transaction authorization. The same applies when the transaction code status is changed by the /SET, /LOCK, and /UNLOCK commands. In addition, as the application program associated with the transaction produces database changes, the user ID is logged with the change records on the IMS system log to identify the changes performed by a specific user.
IMS provides the RVFY= parameter in the IMS procedure for customers who want to force reverification that the operator who signed on to a terminal is the same operator who is now entering a command or transaction. This reverification is done with RACF by including the word 'REVERIFY' in the APPLDATA field of the command or transaction profile. For example:
RDEFINE Txxx tran-name UACC(NONE) APPLDATA('REVERIFY')
Each time the user enters this transaction code, the RACF password must be entered where an IMS password would be entered if the transaction were password protected.
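The REVERIFY profile definition above, extended into a define, permit and verify sequence. This is an added example, not IBM-supplied code: Txxx and tran-name are the placeholders used on this page, PAYGRP is a hypothetical group name, and READ is assumed to be the access level your installation grants for transaction authorization. It also assumes reverification is enabled through the RVFY= parameter in the IMS procedure.

```rexx
/* REXX: added example, not IBM-supplied code.                       */
/* Txxx and tran-name are the page's placeholders; PAYGRP is a       */
/* hypothetical group. Replace all three before running.             */
class = 'Txxx'
tran  = 'tran-name'
group = 'PAYGRP'

/* New profile: no default access, reverification required.          */
address TSO "RDEFINE" class tran "UACC(NONE) APPLDATA('REVERIFY')"
if rc <> 0 then do
  /* Define failed (for example, the profile already exists):        */
  /* tighten the existing profile in place instead.                  */
  address TSO "RALTER" class tran "UACC(NONE) APPLDATA('REVERIFY')"
  if rc <> 0 then exit rc
end

/* Grant the transaction only to the group that needs it.            */
address TSO "PERMIT" tran "CLASS(" || class || ")" ,
            "ID(" || group || ") ACCESS(READ)"
if rc <> 0 then exit rc

/* List the profile to confirm the universal access, the             */
/* application data (REVERIFY) and the access list.                  */
address TSO "RLIST" class tran "ALL"
exit rc
```

How and when the changed profile becomes active depends on how your installation refreshes the class; that step is not shown here.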