Authorizing DBRC commands and API requests with both the DSPDCAX0 exit routine and RACF

The DBRC command authorization exit routine (DSPDCAX0) can be used in conjunction with RACF® to provide command authorization.

In such cases, the security product is invoked first. The return and reason codes are passed to the exit routine. The return code that the exit routine issues ultimately determines the success or failure of the command authorization; the exit routine overrides the outcome of the security product. Therefore, DBRC messages that are a result of unsuccessfully invoking the security product will be suppressed.

Again, if EXIT or BOTH is specified in the CMDAUTH keyword on the INIT.RECON or CHANGE.RECON commands, DSPDCAX0 is a required exit routine. Also, DSPDCAX0 must be found in an authorized library or in LINKLST. If DSPDCAX0 is found in a concatenated STEPLIB or JOBLIB, only the data set containing DSPDCAX0 must be authorized. If DSPDCAX0 is found in LINKLST, no authorization check is performed.

Related reading: See IMS Version 15.6 Exit Routines for more information about the DBRC Command Authorization exit (DSPDCAX0) routine.