Implementing AO command security with the command authorization exit routine

The Command Authorization exit routine (DFSCCMD0) is called during AO command processing to perform command authorization checking. DFSCCMD0 enables you to secure commands that are issued through either the CMD or ICMD call at the command verb, keyword, or resource name level.

DFSCCMD0 must be included in IMS.SDFSRESL.

The parameter list for DFSCCMD0 identifies:

• Who issued the command:
  • Terminal
  • LU 6.2 application
  • ICMD call, where a user ID is used for command authorization
  • ICMD call, where a PSB name is used for command authorization
• If RACF® (or equivalent) was called:
  • SAF (System Authorization Facility) return code
  • RACF return code
  • RACF reason code
• The security code:
  • X'80000000' RACF was not called (AOIS=C).
  • X'00000000' User is authorized to RACF to issue command.
  • X'00000004' RACF is not available.
  • X'00000008' User is not defined to RACF.
  • X'0000000C' Command is not protected by RACF.
  • X'00000010' User is not authorized to issue command.

Related reading: For more information about the Command Authorization exit routine (DFSCCMD0), see IMS Version 15.2 Exit Routines.