RACF system macros

This topic contains the external RACF® system macros that other callers can use to invoke RACF or another security product.

The RACF system macros are received as part of the MVS™ program product; installations receive these macros even if they do not intend to install RACF. The RACROUTE macro instruction is the interface for all products that provide resource control.

The following lists the RACF macros that you can invoke with the full function RACROUTE interface. IBM® recommends that installations use the full function RACROUTE interface instead of the independent RACF system macros. Many of the keywords and macro invocations are supported only if you invoke them using this RACROUTE interface.

RACROUTE REQUEST=AUDIT: General-purpose security-audit request is used to audit requests to use a function or access a resource without authorization checking.
RACROUTE REQUEST=AUTH: Check RACF authorization is used to provide authorization checking when a user requests to use a function or access a resource.
RACROUTE REQUEST=DEFINE: Define, modify, rename, or delete a resource for RACF is used to define, modify, or delete resource profiles for RACF.
RACROUTE REQUEST=DIRAUTH: Directed authorization check of security classification is used to perform security label authorization checking for installations using security labels.
RACROUTE REQUEST=EXTRACT: Replace or retrieve fields is used to retrieve or update specified resource profile fields, to encode data, or to create an ENVR object, representing the security environment, from an existing ACEE.
RACROUTE REQUEST=FASTAUTH: Verify access to resources is used to provide authorization checking when a user requests access to a RACF-protected resource similar to RACROUTE REQUEST=AUTH. However, RACROUTE REQUEST=FASTAUTH verifies access to resources that have RACF profiles brought into main storage.
RACROUTE REQUEST=LIST: Build in-storage profiles is used to retrieve general resource profiles and build an in-storage list for faster authorization checking. The list is attached to the ACEE.
RACROUTE REQUEST=SIGNON: Manage PV signed-on lists is used to allow RACF to manage the signed-on lists associated with persistent verification.
RACROUTE REQUEST=STAT: Determine RACF Status is used to determine if RACF or another security product is active and, optionally, to determine whether protection is in effect for a given resource class. REQUEST=STAT can also be used to determine if a resource class name is defined.
RACROUTE REQUEST=TOKENBLD: Build a UTOKEN is used to modify an existing token.
RACROUTE REQUEST=TOKENMAP: Access token fields is used to convert a user token (UTOKEN) or a resource token (RTOKEN) into either internal or external format.
RACROUTE REQUEST=TOKENXTR: Extract UTOKENs is used to extract a UTOKEN from the current task or address space ACEE.
RACROUTE REQUEST=VERIFY: Identify and verify a RACF-defined user is used to provide user identification and verification.
RACROUTE REQUEST=VERIFYX: Verify user and return a UTOKEN is used to create a user token (UTOKEN) for a unit of work. It provides for propagation of USERID, GROUPID, and SECLABEL for locally submitted jobs and is similar to VERIFY in some respects.