Setting up security exits in your runtime environment

Security exits are required for your runtime environment. You can use the CREATE and MIGRATE actions to set up your security exits library, and use the GENERATE action to create the necessary runtime members.

You must set up a library for your runtime environment that contains the OMEGAMON and IBM Tivoli Monitoring-related product security exits (such as KOBSUPDT OMEGAMON KppSUPDI exits, Tivoli Monitoring Services: Engine security exits, and external security exits).

The following points provide an overview of the configuration that is required in Configuration Manager for security exits in your runtime environment:
  • A dedicated library must be allocated and populated with the security exits. The default name for the security exits library is rte_plib_hilev.rte_name.SECEXITS. (You can override the name of this library using the KFJ_SECURITY_EXITS_LIB parameter in the CREATE or MIGRATE action.) If you use the CREATE or MIGRATE action to allocate the library, it will be populated with default security exit members. You can also import existing security exit members if you are migrating your runtime environment from PARMGEN.
  • A reference to the security exits library is required in the RTE_X_SECURITY_EXIT_LIB parameter located in member rte_plib_hilev.RTEDEF(rte_name).

After the security exits library has been set up using Configuration Manager, you can modify the security exit members as needed for your environment. You can then use the GENERATE action to rebuild and relink them.

Setting up security exits using CREATE

You can use the CREATE action to allocate the security exits library using the default name and populate it with an initial set of configuration profile members. You can also use the KFJ_SECURITY_EXITS_LIB parameter to specify another name for the security exits library. If the specified data set does not exist, it will be allocated and populated with the default security exit members. If the specified data set does exist, it will be populated with the default security members, but no existing member will be overwritten. The CREATE action also populates the required reference to the library in the RTE_X_SECURITY_EXIT_LIB parameter.

For more information about running the CREATE action, see CREATE.

Setting up security exits using MIGRATE

If you are migrating your runtime environment from PARMGEN, you can use the MIGRATE action to import the PARMGEN security exits into the new runtime environment. Like the CREATE action, the MIGRATE action allocates the rte_plib_hilev.rte_name.SECEXITS library (or, optionally, the library specified in the KFJ_SECURITY_EXITS_LIB parameter). The MIGRATE action also copies the security exits used by the PARMGEN environment to the specified security exits library. Because the migration also imports runtime environment configuration settings from the PARMGEN environment, the RTE_X_SECURITY_EXIT_LIB parameter will contain the name of the security exits library used by the PARMGEN environment; you must review this setting and update it to use the proper rte_plib_hilev.rte_name.SECEXITS library (if necessary) before running the GENERATE action.
Note: The security exits library used in PARMGEN is identified in rte_hilev.rtename.RKANSAMU and is not changed as a result of the MIGRATE action. For more information about the differences between PARMGEN and Configuration Manager, see Comparison with PARMGEN.

For more information about running the MIGRATE action, see MIGRATE.

Rebuild and relink security exits using GENERATE

The GENERATE action automatically performs the required tasks of rebuilding and relinking the security exits. The GENERATE action also provides an optional setting, OPTION SECEXITS, that allows you to perform the security exits tasks separately from the normal GENERATE workflow, which can save valuable CPU cycles.

For more information about running the GENERATE action, see GENERATE.