When logon or job initialization processing takes place and why

When a user requests access to the system, the application controlling the user's access can issue the RACROUTE macro with REQUEST=VERIFY or REQUEST=VERIFYX specified (or the RACINIT macro). For ease of reference, this topic calls any such a request a verify request, and the program issuing the request is called an application.

Some of the places verify requests occur are:

When interactive users log on (through TSO)
When batch jobs are submitted through JES
When NJE jobs or SYSOUT are received
When APPC/MVS allocation requests are received
When CICS®, IMS™, or NetView/Access Services allow users to sign on
When other APF-authorized applications allow users to access the system.

Based on the specifications on the verify request, RACF® determines whether the requesting user is authorized to enter the system.

If the user is authorized to enter the system, RACF returns a "successful" return code (return code 0) to the application. The application then allows the request to complete.
If the user is not authorized to enter the system, RACF returns an "unauthorized" return code (other than 0) to the application. In general, the application then fails the request.

Note:

The REQUEST=VERIFY and REQUEST=VERIFYX preprocessing and postprocessing exit routines are available during verification processing.
RACF authorization checks can be requested by RACF or the application (for example, to determine if a user is authorized to use a particular terminal). REQUEST=AUTH preprocessing and postprocessing exits are available during this authorization processing.
SMF log records or messages can be generated. (Failures are always recorded. Successes can be recorded if the application requests it on the REQUEST=VERIFY request).