The following list summarizes the RACROUTE macros used by CICS® to invoke the
ESM, and the control points at which they are issued.
- RACROUTE
- The "front end" to the macros described below, it invokes the MVS™ router.
If RACF® is not present on the system, RACROUTE can route to an alternative
ESM, via the MVS router exit.
- RACROUTE REQUEST=VERIFY
- Issued at operator signon (with the parameter ENVIR=CREATE), and at
sign-off (with the parameter ENVIR=DELETE). This macro creates or destroys
an access control environment element (ACEE). It is issued at the following CICS control points:
- Normal signon through EXEC CICS SIGNON
- Signon of the default userid DFLTUSER
- Signon of preset security terminals
- Signon of MRO sessions
- Signon of LUTYPE6.1 sessions
- Signon of APPC sessions
- Signon for XRF tracking of the above
- Signon of the userid on attach requests (for all values of ATTACHSEC except
LOCAL)
- Normal sign-off through EXEC CICS SIGNOFF
- Sign-off when deleting a terminal
- Sign-off when TIMEOUT expires
- Sign-off of MRO sessions
- Sign-off of LUTYPE6.1 sessions
- Sign-off of APPC sessions
- Sign-off for XRF tracking of the above
- Sign-off of the userid on attach requests (for all values of ATTACHSEC
except LOCAL).
- RACROUTE REQUEST=VERIFYX
- This creates or deletes an ACEE in a single call. It is issued at the
following CICS control points:
- Signon, as an alternative to VERIFY, when an optimized signon is performed
for subsequent signons across an LU6.2 link with ATTACHSEC(VERIFY).
- When an invalid password, or a passticket is presented, or an EXEC CICS VERIFY PASSWORD command is issued.
- RACROUTE REQUEST=FASTAUTH
- Issued during resource checking, on behalf of a user who is identified
by an ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage
resource profiles, and is issued at the following CICS control points:
- When attaching local transactions
- When checking link security for transaction attach
- Transaction validation for MRO tasks
- CICS resource checking
- Link security check for a CICS resource
- Transaction validation for EDF
- Transaction validation for the transaction being tested (by EDF)
- DBCTL PSB scheduling resource security check
- DBCTL PSB scheduling link security check
- Remote DL/I PSB scheduling resource check
- QUERY SECURITY with the RESTYPE option.
- RACROUTE REQUEST=AUTH
- This is a higher path length form of resource checking. It is used:
- After a call to FASTAUTH indicates an access failure that requires logging.
- When a QUERY SECURITY request with the RESCLASS option is used. This indicates
a request for a resource for which CICS has not built in-storage profiles. (If CICS has in fact built in-storage profiles, REQUEST=AUTH
uses them.)
- RACROUTE REQUEST=LIST
- Issued to create and delete the in-storage profile lists needed by REQUEST=FASTAUTH.
(One REQUEST=LIST macro is required for each resource class.) It is issued
at the following CICS control points:
- When CICS security is being initialized
- When an EXEC CICS REBUILD SECURITY is issued
- When XRF tracks either of these events.
- RACROUTE REQUEST=EXTRACT
- Issued (with the parameters SEGMENT=SESSION,CLASS=APPCLU) during verification
of APPC BIND security, at the following CICS control point:
It is also issued (with the parameters SEGMENT=CICS,CLASS=USER) during
signon, at all the control points listed under RACROUTE REQUEST=VERIFY.
For a detailed description of these macros, see the OS/390 Security Server External Security Interface (RACROUTE) Macro Reference manual.
[[ Contents Previous Page | Next Page Index ]]