For the purposes of MRO logon and connect security checks, DFHIRP needs to know the CICS region userid under which the CICS job or task is running. DFHIRP obtains the CICS region's userid by issuing a RACROUTE REQUEST=EXTRACT macro.
If you are not using RACF as your external security manager, you must use the MVS™ security router exit, ICHRTX00, to customize the response from the RACROUTE REQUEST=EXTRACT macro.
CICS determines whether a security manager is present or not by examining the SAF response codes.