This topic contains Product-sensitive Programming
Interface and Associated Guidance Information.
CICS® always performs a transaction-attach security check for each transaction
attach, even when the transaction has no associated terminal. The following
suggests how you can bypass transaction-attach security checks for non-terminal
transactions while continuing to keep full transaction-attach security for
terminal-attached transactions.
CICS always performs the transaction-attach resource check using RACROUTE REQUEST=FASTAUTH, so you need only to provide an ICHRFX01 user
exit. The ICHRFX01 routine
must issue a zero return code to indicate that the resource check processing
is to continue, or a return code of 8 to indicate that the check is to be
regarded as successful.
So that the ICHRFX01 exit can determine the circumstances under which it
is called, specify the ESMEXITS=INSTLN system initialization parameter for
the CICS regions for which you want to control transaction-attach security.
Then your ICHRFX01 routine should do the following:
- Obtain the address of the CICS installation data parameter list, as described
in How ESM exit programs access CICS-related information. If this address is zero, either the caller of the
RACROUTE macro is not CICS, or it is a CICS region whose behavior you do not
wish to modify; so exit with a return code of zero.
- Use the DFHXSUXP macro to map the fields in the installation data parameter
list.
- Confirm that the installation data was created by CICS, by checking that
UXPDFHXS is equal to 'DFHXS'. If it is not, exit with a return code
of zero.
- Examine field UXPPHASE in the installation data. If it is not equal to
USER_ATTACH_CHECK (X'40'), this is not a transaction attach, so exit
with a return code of zero.
- Examine field UXPTERM in the installation data. If it is nonzero, this
is a terminal-related transaction attach, so exit with a return code of zero.
- If UXPPHASE is USER_ATTACH_CHECK and UXPTERM is zero, then a non-terminal
transaction is being attached. Exit with a return code of 8 to indicate to
RACF® that this check is successful. The function RACROUTE REQUEST=FASTAUTH
then completes with a return code of zero, and CICS continues with the attach
of the non-terminal transaction.