Securing asynchronous hold queues by using the OTMA Resume TPIPE Security user exit (OTMARTUX)
The OTMA Resume TPIPE Security user exit (OTMARTUX) provides one of two possible layers of security for RESUME TPIPE calls issued to retrieve message queued to the OTMA asynchronous hold queue.
When security for RESUME TPIPE calls is enabled, the OTMARTUX user exit checks the caller's authority when the RESUME TPIPE call is initiated, but before retrieving the messages from the hold queue.
You can use OTMARTUX user exit either with or without RACF® security checking for the RESUME TPIPE call. If both the OTMARTUX user exit and RACF are used, the RACF security is always called first. In such a case, the OTMARTUX user exit can override the results of the RACF procedure.
When security for the RESUME TPIPE call is enforced by both RACF and the OTMARTUX user exit, the OTMARTUX user exit is invoked regardless of the success or failure of the RACF security procedure. The OTMARTUX user exit can accept the results of the RACF security check, override the results, or enforce more restrictive security rules. An example of a more restrictive rule might be to authorize a user to access the output messages only within a specific period of time during the day.
When authorization is successful, output messages in the hold queue are returned to IMS Connect.
When authorization fails, a rejection message (NAK) of the RESUME TPIPE call is sent to the client.
To bypass the OTMARTUX user exit, ensure that your RESLIB does not contain DFSYRTUX and do not define an EXITDEF statement for the OTMARTUX user exit type in the USER_EXITS section of your DFSDFxxx member.