CICS security control points

The following list summarizes the RACROUTE macros used by CICS® to invoke the ESM, and the control points at which they are issued.

RACROUTE
The "front end" to the macros described below, it invokes the MVS™ router. If RACF® is not present on the system, RACROUTE can route to an alternative ESM, via the MVS router exit.
RACROUTE REQUEST=VERIFY
Issued at operator signon (with the parameter ENVIR=CREATE), and at sign-off (with the parameter ENVIR=DELETE). This macro creates or destroys an access control environment element (ACEE). It is issued at the following CICS control points:
RACROUTE REQUEST=VERIFYX
This creates or deletes an ACEE in a single call. It is issued at the following CICS control points:
RACROUTE REQUEST=FASTAUTH
Issued during resource checking, on behalf of a user who is identified by an ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage resource profiles, and is issued at the following CICS control points:
RACROUTE REQUEST=AUTH
This is a higher path length form of resource checking. It is used:
RACROUTE REQUEST=LIST
Issued to create and delete the in-storage profile lists needed by REQUEST=FASTAUTH. (One REQUEST=LIST macro is required for each resource class.) It is issued at the following CICS control points:
RACROUTE REQUEST=EXTRACT
Issued (with the parameters SEGMENT=SESSION,CLASS=APPCLU) during verification of APPC BIND security, at the following CICS control point: It is also issued (with the parameters SEGMENT=CICS,CLASS=USER) during signon, at all the control points listed under RACROUTE REQUEST=VERIFY.

For a detailed description of these macros, see the OS/390 Security Server External Security Interface (RACROUTE) Macro Reference manual.

Related concepts
An overview of the CICS-ESM interface
Related tasks
Using ESM exit programs to access CICS-related information
Using early verification processing
Related reference
The MVS router
[[ Contents Previous Page | Next Page Index ]]