The OMEGAMON for IMS Classic call flow for security exit routines
Call flows pass control to your user security exit routine at initialization, during command verification, and at termination. This information does not apply to the IMS command BMP security exit.
OMEGAMON for IMS Classic initialization call flow
IF... | THEN... |
---|---|
the user ID field length is non-zero |
the user ID and password are available. |
additional information or another attempt is required |
the user exit routine can request a reshow of the screen and reset any field lengths to indicate that no data is present (user ID, password, group, or new password). To display in VTAM® mode again, set a message into the U#CHMSG field (120-bytes maximum length), set the U@CHRSHO bit in U#CHRESP, and return to the caller. The message displays after the panel, with appropriate fields completed (original user ID and password), unless overridden (length = 0). |
validation is complete |
a return code of 0 from the user exit indicates that the user is allowed to log on. Any other return code causes the session to end. |
logon acceptance is successful |
the validation routine can complete resource validation and optionally assign a command security level (0, 1, 2, or 3) to the user. The default is 0. Place the appropriate number into U#CHAUT4. To force the user to use only this level, also set the U@CH1LOK bit in U#CHAUT1. |
OMEGAMON for IMS Classic command verification call flow
During command verification, OMEGAMON for IMS Classic places a C in the U#CHTYP field. Now you can check the authorization of the user.
You cannot change the decision to allow or disallow a command on the first encounter on subsequent tries by the same user unless you reset security with the /PWD command.
- Notifies the user exit
- Writes an audit record
- Issues a customized error message
IF the return code is... | THEN... |
---|---|
0 |
the command is allowed (RACF® and ACF2) |
4 |
the command is unknown to RACF (RACF only) OMEGAMON for IMS Classic allows the command to run. For information about defining a command to RACF, see Modifying RACF rules to interface with OMEGAMON for IMS Classic. |
8 |
the command is known to the security package and access is denied for both RACF and ACF2 |
When you authorize commands, OMEGAMON for IMS Classic modifies the command name by replacing the slash of INFO-line commands with a dollar sign (/cccccc becomes cccccc), and the period of immediate commands with @ (ccc becomes @ccc).
When
you log on again, OMEGAMON for
IMS
Classic places
an R
in the U#CHTYP field
to indicate a logon validation. The processing is the same as at initialization
time, except that users cannot enter a new password or group because OMEGAMON for
IMS
Classic does
not display a logon panel.
OMEGAMON for IMS Classic termination call flow
At termination, OMEGAMON for
IMS
Classic passes
aT
to the exit routine of the user. You can then
complete the cleanup that is required, such as freeing user control
blocks and FREEMAINing any GETMAINed areas.