Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
ICHCNX00 processing z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The exit must be named ICHCNX00. It allows an installation to perform additional security checks, to further enhance or restrict the RACF® limitations on the passed commands, or to modify or eliminate the RACF DASD data set naming convention. Because corresponding processing might be required in the RACROUTE REQUEST=DEFINE preprocessing exit and the RACROUTE REQUEST=AUTH preprocessing or postprocessing exits, RACF passes these exits a parameter list with similar structure and content, to allow similar routines to be used. RACF calls the naming conventions processing routine before ICHCNX00 receives control. See also Data set naming convention table. This exit must be reentrant. The exit can have any RMODE, but AMODE should be AMODE(31) or AMODE(ANY) for the best use of virtual storage and best RACF performance. This exit can run in the RACF subsystem address space, and considerations discussed in Exits running in the RACF subsystem address space apply. If the exit is invoked for a command that originates from a TSO user, it is invoked in problem state, under protection key 8, in an APF-authorized environment. If the exit is invoked for a directed command, it is invoked in supervisor state, under protection key 0. If the exit is invoked for a command that originates from the operator's console, it is invoked in problem state, under protection key 2, in an APF-authorized environment. If the exit is invoked for a command issued under some other task, the invocation state depends on the attributes of that task. z/OS Security Server RACF Data Areas contains a mapping of the command-preprocessing exit parameter list, CNXP. The caller (indicated by the function and subfunction codes pointed to by the fullword at offset 4 in the parameter list) determines which parameters are passed to the exit routine and which parameters can be changed by the exit routine. See Table 1 for a summary of these parameters.
|
Copyright IBM Corporation 1990, 2014
|