System Authorization Facility (SAF) requirements

For the IXCNOTE requests listed below, your program needs appropriate SAF authorization to the FACILITY class resource IXCNOTE.owner.application, where owner and application are derived from the note pad name. See Note pad name for more information about note pad names. The installation instructions for your application should document the names of your note pads so the security administrator can define these profiles.

If SAF is installed and a SAF profile is defined for the relevant class of note pads, the decision returned by SAF is always honored by XCF. If your program does not have SAF authorization, the IXCNOTE request is rejected.

If SAF is not installed, or if a SAF profile is not defined for the relevant class of note pads, XCF determines whether your program is running authorized. If your program is not running authorized, the IXCNOTE request is rejected. If your program is running authorized, the request is allowed to proceed.

The following IXCNOTE requests require SAF authorization:
  • Create note pad requires CONTROL access
  • Query note pad requires READ access
  • Start of changeModify note pad requires CONTROL accessEnd of change
  • Delete note pad requires CONTROL access
  • Create connection requires:
    • READ access if the connection access scope is read
    • UPDATE access if the connection access scope is update
    See Access scope for information about the connection access scope. As noted above, an authorized program can create a connection even if SAF is not installed or there is no SAF profile defined for the note pad. However, note that such a connection can only be used by programs that are running authorized.
In general, XCF does not perform SAF checks for requests that process notes in the note pad (single note and multi-note requests). Similarly, XCF does not generally perform SAF checks for delete connection requests. However, XCF might perform a SAF check when the security environment of the requesting work unit appears to differ from the security environment of the work unit that created the connection. For example, if a connection has address space scope, a SAF check might be performed if the work unit that issues the request has its own security environment. For a connection with task scope, a SAF check might be performed if the work unit that issues the request is not the connector task. If a SAF check is performed, the program must have access that is appropriate for the type of request being issued:
  • Read note requires READ access
  • Create, write, replace, or delete note requires UPDATE access
  • Delete connection requires:
    • READ access if the connection was created with access scope of read
    • UPDATE access if the connection was created with access scope of update