Overview of the CICS-RACF interface

This topic contains Product-sensitive Programming Interface and Associated Guidance Information.

In CICS® Transaction Server for z/OS®, Version 3 Release 1, the only form of security CICS supports is that provided by an external security manager (ESM), such as RACF®. CICS uses, by means of the RACROUTE macro, the MVS™ system authorization facility (SAF) interface to route authorization requests to RACF.

Figure 1 shows how the MVS router exit and RACF user exits are invoked when CICS issues a RACROUTE macro.
Figure 1. MVS router exit.
  1. CICS issues the RACROUTE macro, which invokes the MVS router.
  2. The MVS router calls the MVS router exit (ICHRTX00).
  3. If the MVS router exit's return code is zero, the MVS router calls the RACF router; the RACF router calls the external security manager (RACF in this example). The security manager may call its own user exits.
  4. The MVS router returns control to CICS.
See the z/OS Security Server RACROUTE Macro Reference for information on how the RACROUTE macro is coded.

The control points at which CICS issues a RACROUTE macro to route authorization requests are described in CICS security control points.