z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


ICHRFRTB macro

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

The RACF® router table is an optional table that allows an installation to bypass RACF processing for a class or for a requestor and subsystem combination. An entry is required in this table for a class only if the class does not require RACF to be called on each invocation of the RACROUTE macro. The same is true for each class, requestor, and subsystem combination; an entry is only required if RACF is not to be called. All entries that specify ACTION=RACF are optional. The RACF router treats each class and combination of requestor and subsystem that does not have an entry in the router table as if it has an entry in the table specifying ACTION=RACF.

An installation can use the RACF router table to change the processing for a class that IBM® supplies. For example, if a tape library product wants to bypass some DFP-issued OCEOV calls, the installation can create a RACF router table with one or more entries that specify ACTION=NONE for combinations of class, requestor, and the OCEOV subsystem.

Example: An installation could use the following macro invocations to create a router table that bypasses OCEOV calls.
ICHRFRTB CLASS=DATASET,REQSTOR=CLOSE,SUBSYS=OCEOV,ACTION=NONE
ICHRFRTB CLASS=DATASET,REQSTOR=TAPEOPEN,SUBSYS=OCEOV,ACTION=NONE
ICHRFRTB CLASS=TAPEVOL,REQSTOR=TAPEOPEN,SUBSYS=OCEOV,ACTION=NONE
ICHRFRTB CLASS=DATASET,REQSTOR=TAPEEOV,SUBSYS=OCEOV,ACTION=NONE,
ICHRFRTB CLASS=TAPEVOL,REQSTOR=CLOSE,SUBSYS=OCEOV,ACTION=NONE
ICHRFRTB TYPE=END

The ICHRFRTB macro generates entries in the RACF router table, module ICHRFR01.

The ICHRFRTB macro definition is as follows: 
[label] ICHRFRTB [ACTION=NONE|RACF]
                 [,CLASS=classname]
                 [,REQSTOR=requestor-name]
                 [,SUBSYS=subsystem-name]
                 [TYPE=END]
ACTION=
Specifies the action to be taken for this entry. This operand is required unless TYPE=END is specified.
NONE
Specifies that no action is to be taken for this entry.
RACF
Specifies that RACF is to be called for this entry.
CLASS=class name
specifies the name of the resource class. You must use the same name that is specified in the corresponding class descriptor table entry. This operand is required unless TYPE=END is specified.
REQSTOR=requestor-name
Specifies the 8-character requestor name. Installations should begin requestor names with a # (X'7B'), @ (X'7C') or $ (X'5B'), because requestor names supplied by IBM do not begin with those characters. If you do not specify a requestor name, the default is a string of 8 blanks. If you code REQSTOR, you should also code the CLASS operand.
SUBSYS=subsystem-name
Specifies the 8-character subsystem name. Installations should begin subsystem names with a # (X'7B'), @ (X'7C') or $ (X'5B'), because subsystem names supplied by IBM will not begin with such characters. If no subsystem name is specified, it defaults to a string of 8 blanks. This operand should not be coded unless CLASS is also specified.
TYPE=END
Indicates the end of the ICHRFR01 table. You must code TYPE=END on the last ICHRFRTB macro instruction. If TYPE=END is specified, no other operands can be coded.
Parent topic: RACF customization macros

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014