The OMEGAMON for IMS Classic call flow for security exit routines

Call flows pass control to your user security exit routine at initialization, during command verification, and at termination. This information does not apply to the IMS command BMP security exit.

OMEGAMON for IMS Classic initialization call flow

At initialization, when OMEGAMON for IMS Classic passes control to your user exit routine, the initialization call is indicated by an I in the U#CHTYP field. OMEGAMON for IMS Classic requires a logon validation.

Table 1. Reviewing call flow at initialization

IF the user ID field length is non-zero
THEN the user ID and password are available.

IF additional information or another attempt is required
THEN the user exit routine can request a reshow of the screen and reset any field lengths to indicate that no data is present (user ID, password, group, or new password).
     To display in VTAM® mode again, set a message into the U#CHMSG field (120-byte maximum length), set the U@CHRSHO bit in U#CHRESP, and return to the caller.
     The message displays after the panel, with appropriate fields completed (original user ID and password), unless overridden (length = 0).

IF validation is complete
THEN a return code of 0 from the user exit indicates that the user is allowed to log on.
     Any other return code causes the session to end.

IF logon acceptance is successful
THEN the validation routine can complete resource validation and optionally assign a command security level (0, 1, 2, or 3) to the user.
     The default is 0.
     Place the appropriate number into U#CHAUT4. To force the user to use only this level, also set the U@CH1LOK bit in U#CHAUT1.

OMEGAMON for IMS Classic command verification call flow

During command verification, OMEGAMON for IMS Classic places a C in the U#CHTYP field. Now you can check the authorization of the user.

The decision to allow or disallow a command is made on the first encounter. You cannot change it on subsequent tries by the same user unless you reset security with the /PWD command.

However, with each attempt, OMEGAMON for IMS Classic can complete the following tasks:
  • Notify the user exit
  • Write an audit record
  • Issue a customized error message

Return codes from the exit routine are as follows:

Table 2. Reviewing call flow during command verification

IF the return code is 0
THEN the command is allowed (RACF® and ACF2).

IF the return code is 4
THEN the command is unknown to RACF (RACF only).
     OMEGAMON for IMS Classic allows the command to run.
     For information about defining a command to RACF, see Modifying RACF rules to interface with OMEGAMON for IMS Classic.

IF the return code is 8
THEN the command is known to the security package and access is denied for both RACF and ACF2.

When you authorize commands, OMEGAMON for IMS Classic modifies the command name by replacing the slash of INFO-line commands with a dollar sign (/cccccc becomes $cccccc), and the period of immediate commands with @ (.ccc becomes @ccc).
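The following added example (not IBM or product code) models Table 2 together with the command-name rewriting, so that you can list which commands would run only because no rule is defined for them (return code 4). The function names, the rules dictionary, and the sample commands other than /PWD are assumptions made for illustration, and names without a slash or period prefix are assumed to pass through unchanged.

```python
# Added example: a model of Table 2 and the command-name rewriting, not product code.
ALLOWED, UNKNOWN, DENIED = 0, 4, 8  # exit return codes from Table 2


def resource_name(command):
    """Name presented to the security package for a command as typed."""
    if command.startswith("/"):   # INFO-line command: slash -> dollar sign
        return "$" + command[1:]
    if command.startswith("."):   # immediate command: period -> @
        return "@" + command[1:]
    return command                # assumption: other names pass unchanged


def return_code(command, rules):
    """Model of a RACF-backed exit. `rules` (hypothetical structure) maps a
    defined resource name to True (access permitted) or False (denied)."""
    name = resource_name(command)
    if name not in rules:
        return UNKNOWN            # not defined to RACF
    return ALLOWED if rules[name] else DENIED


def command_runs(rc):
    """Table 2 outcome: 0 and 4 let the command run, 8 does not."""
    if rc not in (ALLOWED, UNKNOWN, DENIED):
        raise ValueError(f"return code {rc} is not listed in Table 2")
    return rc != DENIED


def review(commands, rules):
    """Per command: (typed name, resource name, return code, runs?)."""
    rows = []
    for cmd in commands:
        rc = return_code(cmd, rules)
        rows.append((cmd, resource_name(cmd), rc, command_runs(rc)))
    return rows


def runs_without_rule(commands, rules):
    """Commands that run only because no rule is defined for them (RC 4)."""
    return [(c, n) for c, n, rc, _ in review(commands, rules) if rc == UNKNOWN]


if __name__ == "__main__":
    # Constructed sample: /PWD appears on the page; the other names are made up.
    sample_rules = {"$PWD": True, "@BBB": False}
    sample_commands = ["/PWD", "/AAAAAA", ".BBB"]
    for row in review(sample_commands, sample_rules):
        print(row)
    print("no rule defined:", runs_without_rule(sample_commands, sample_rules))
```

Any command reported by runs_without_rule is a candidate for an explicit RACF definition, because return code 4 lets it run.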

When you log on again, OMEGAMON for IMS Classic places an R in the U#CHTYP field to indicate a logon validation. The processing is the same as at initialization time, except that users cannot enter a new password or group because OMEGAMON for IMS Classic does not display a logon panel.

OMEGAMON for IMS Classic termination call flow

At termination, OMEGAMON for IMS Classic passes a T to the exit routine of the user. You can then complete the cleanup that is required, such as freeing user control blocks and FREEMAINing any GETMAINed areas.