When a user requests access to the system, the
application controlling the user's access can issue the RACROUTE macro
with REQUEST=VERIFY or REQUEST=VERIFYX specified (or the RACINIT macro).
For ease of reference, this topic calls any such a request a verify
request, and the program issuing the request is called an application.
Some of the places verify requests occur are:
- When interactive users log on (through TSO)
- When batch jobs are submitted through JES
- When NJE jobs or SYSOUT are received
- When APPC/MVS allocation requests are received
- When CICS®, IMS™, or NetView/Access Services allow users to
sign on
- When other APF-authorized applications allow users to access the
system.
Based on the specifications on the verify request, RACF® determines whether the requesting user
is authorized to enter the system.
- If the user is authorized to enter the system, RACF returns a "successful" return code (return
code 0) to the application. The application then allows the request
to complete.
- If the user is not authorized to enter the system, RACF returns an "unauthorized" return code (other
than 0) to the application. In general, the application then fails
the request.
Note: - The REQUEST=VERIFY and REQUEST=VERIFYX preprocessing and postprocessing
exit routines are available during verification processing.
- RACF authorization checks
can be requested by RACF or
the application (for example, to determine if a user is authorized
to use a particular terminal). REQUEST=AUTH preprocessing and postprocessing
exits are available during this authorization processing.
- SMF log records or messages can be generated. (Failures are always
recorded. Successes can be recorded if the application requests it
on the REQUEST=VERIFY request).