Exit routine concepts

The exit routine provides an interface between the Classic Interface and the security product.

Concepts for exit routines are:

  • You can specify any unique name for your exit routine.

    The name must be identical to the name in the control statements that update the security table.

  • You can share the exit routine between systems.
  • You must define a resource class in the exit routine.

    The name of this resource class must be identical to the generalized resource class name that you define when you modify RACF® or ACF2 rules.

  • You can use the same exit routine to define security for several Classic Interfaces.

    You must then use the same name on the MODULE= control statement for each Classic Interface.

    You can use the value of the B#DDPRFX field in the $BIA data area as part of a resource name that you want to use for the Classic Interface that is currently in use.

The &rhilev.&rte.RKD2SAM data set contains the following sample members:

  • Members KO2ACF2X and KO2RACFX that contain models for ACF2 and RACF routines.

    Many configurations use these models without modification. They are, however, documented with comments so that you can modify them because security procedures are configuration-dependent.

    You can also use these models if you have a security system other than RACF or ACF2. In this case, use the sample RACF or ACF2 exits as guides to see the following:

    • Which information is passed to the exit routine
    • Which information is returned to the Classic Interface
  • Members KO2ACF2A and K02RACFA that contain sample JCL to help you assemble and link-edit your routine.