Using the MVS router

SAF provides your installation with centralized control over security processing, by using a system service called the MVS™ router. The MVS router provides a common system interface for all products providing resource control. The resource-managing components and subsystems (such as CICSPlex® SM) call the MVS router as part of certain decision-making functions in their processing, such as access control checking and authorization-related checking. These functions are called control points. This single SAF interface encourages the use of common control functions shared across products and across systems.

If RACF® is available in the system, the MVS router may pass control to the RACF router, which in turn invokes the appropriate RACF function. (The parameter information and the RACF router table, which associates router invocations with RACF functions, determine the appropriate function.) However, before calling the RACF router, the MVS router calls an optional, installation-supplied security-processing exit, if one has been installed.