CICSPlex® SM provides a security validation exit that allows you to control access to a CMAS from application programming interface (API) programs. The security routine is called when security is active in a CMAS, but the environment in which the API program is running does not provide security of its own. CICSPlex SM attempts to extract user authorization data from the environment. If authorization data does not exist, the security routine is called.