This topic contains
the external RACF® system macros
that other callers can use to invoke RACF or
another security product.
The RACF system macros are
received as part of the MVS™ program
product; installations receive these macros even if they do not intend
to install RACF. The RACROUTE
macro instruction is the interface for all products that provide resource
control.
The following lists the RACF macros
that you can invoke with the full function RACROUTE interface. IBM® recommends that installations
use the full function RACROUTE interface instead of the independent RACF system macros. Many of the
keywords and macro invocations are supported only if you invoke them
using this RACROUTE interface.
- RACROUTE REQUEST=AUDIT: General-purpose security-audit request is used to audit requests
to use a function or access a resource without authorization checking.
- RACROUTE REQUEST=AUTH: Check RACF authorization is used to provide authorization
checking when a user requests to use a function or access a resource.
- RACROUTE REQUEST=DEFINE: Define, modify, rename, or delete a resource for RACF is used to define, modify,
or delete resource profiles for RACF.
- RACROUTE REQUEST=DIRAUTH: Directed authorization check of security classification is used to perform security
label authorization checking for installations using security labels.
- RACROUTE REQUEST=EXTRACT: Replace or retrieve fields is used to retrieve or
update specified resource profile fields, to encode data, or to create
an ENVR object, representing the security environment, from an existing
ACEE.
- RACROUTE REQUEST=FASTAUTH: Verify access to resources is used to provide authorization
checking when a user requests access to a RACF-protected resource
similar to RACROUTE REQUEST=AUTH. However, RACROUTE REQUEST=FASTAUTH
verifies access to resources that have RACF profiles
brought into main storage.
- RACROUTE REQUEST=LIST: Build in-storage profiles is used to retrieve general
resource profiles and build an in-storage list for faster authorization
checking. The list is attached to the ACEE.
- RACROUTE REQUEST=SIGNON: Manage PV signed-on lists is used to allow RACF to manage the signed-on lists
associated with persistent verification.
- RACROUTE REQUEST=STAT: Determine RACF Status is used to determine if RACF or another security product
is active and, optionally, to determine whether protection is in effect
for a given resource class. REQUEST=STAT can also be used to determine
if a resource class name is defined.
- RACROUTE REQUEST=TOKENBLD: Build a UTOKEN is used to modify an existing
token.
- RACROUTE REQUEST=TOKENMAP: Access token fields is used to convert a user
token (UTOKEN) or a resource token (RTOKEN) into either internal or
external format.
- RACROUTE REQUEST=TOKENXTR: Extract UTOKENs is used to extract a UTOKEN
from the current task or address space ACEE.
- RACROUTE REQUEST=VERIFY: Identify and verify a RACF-defined user is used to provide user
identification and verification.
- RACROUTE REQUEST=VERIFYX: Verify user and return a UTOKEN is used to create a user
token (UTOKEN) for a unit of work. It provides for propagation of
USERID, GROUPID, and SECLABEL for locally submitted jobs and is similar
to VERIFY in some respects.