CICSPlex SM security control points

All RACROUTE macros are issued from a CMAS. Macros required to support simulated CICS® security checking are issued from the CMAS to which the target MAS is connected.

The following list summarizes the RACROUTE macros used by CICSPlex® SM to invoke the ESM, and the control points at which they are issued.

RACROUTE
The "front end" to the macros described below, it invokes the MVS™ router. If RACF® is not present on the system, RACROUTE can route to an alternative ESM, via the MVS router exit.
RACROUTE REQUEST=VERIFY
Issued at user signon (with the parameter ENVIR=CREATE), and at user sign-off (with parameter ENVIR=DELETE) to a CMAS. For ISPF end-user interface requests, signon calls are made during window creation in the CMAS that supports the named context. Sign-off calls are made when the window is closed. This macro creates or destroys an access control environment element (ACEE). It is issued at the following CICSPlex SM CMAS control points:
  • ISPF end-user interface user connection to a CMAS
  • API CONNECT thread creation
  • Single system image command routing
  • ISPF end-user interface user disconnect from a CMAS
  • API DISCONNECT thread termination
RACROUTE REQUEST=FASTAUTH
Issued during resource checking, on behalf of a user who is identified by an ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage resource profiles, and is issued at the following CICSPlex SM CMAS control points:
  • Simulated CICS security checking
  • View selection / API security
RACROUTE REQUEST=AUTH
This is a higher path length form of resource checking and is issued during CAS / PLEXMGR security checking. It may also be called to perform logging and auditing after a REQUEST=FASTAUTH.
RACROUTE REQUEST=LIST
Issued to create and delete the in-storage profile lists needed by REQUEST=FASTAUTH. (One REQUEST=LIST macro is required for each resource class.) It is issued at the following CICSPlex SM CMAS control points:
  • When CICSPlex SM security is being initialized for a MAS
  • When the CMAS or CMASD sceurity action command (SEC) is issued.

For a detailed description of these macros, see the z/OS Security Server RACF Macros and Interfaces manual.