z/OS Security Server RACF System Programmer's Guide


Information passed in the parameter list

SA23-2287-00

The parameter list that is passed to the exit contains:
  • A flag indicating whether the exit is executing in the RACF® subsystem address space or the command issuer's address space.
  • A function code that identifies the command name. If the exit changes this function code, the change has no effect on RACF's processing of the command.
  • A flag indicating whether this is the preprocessing or postprocessing call.
  • Flags indicating whether the command was directed to the node and, if so, how: with the AT or ONLYAT keywords or by automatic command direction.
  • A pointer to a command buffer that contains:
    • An image of the original command after parsing.
      • Quoted text strings, such as values for the ADDUSER NAME keyword, appear as entered. Note that quoted text strings might be longer than allowed because of TSO parse processing. These strings are typically truncated in the RACF database.
      • If the AT or ONLYAT keyword was specified, it does not appear in the command buffer.
      • All general resource names appear in the appropriate case for the class. For classes specified with CASE=ASIS in the class descriptor table, such as EJBROLE and GEJBROLE, the case is as entered by the user. For all other classes, profile names appear in uppercase.
      • If the user's TSO profile is not set to NOPREFIX, the value of the PREFIX is inserted as the high-level qualifier for unquoted data sets. The caller can set this value to anything by using the TSO command PROFILE PREFIX(value). The typical value is the user ID. However, a group of users often sets a common prefix, and that value is used.
      • For the RDEFINE, RALTER, RLIST, RDELETE, PERMIT, and ADDSD commands, if a class name was abbreviated in the command, the full name of the class appears in the command image.

        Exception: A profile name in the GLOBAL class (which is a class name) is left as it was entered in the command.

    • The defaults for command keywords that have defaults and were not specified on the original command.
    • Any data that was provided by prompting.
    • An extra 300 bytes of blanks following the last keyword in the buffer, where the exit can add more keywords.

    The exit can change the values of keywords in the buffer, but if it changes the command name RACF fails the command. If the exit changes the pointer to the command buffer, RACF ignores the change.

  • The address of an ACEE:
    • If the address is 0, the RACF parameter library issued the command, and the command runs with the authority of the RACF subsystem address space.
    • If the address is nonzero, it points to the ACEE of the user ID under whose authority the command runs. (This user ID is usually the one that issued the command, but not necessarily. For example, for directed commands it is the user ID specified on the AT or ONLYAT keyword.) The exit can examine the user ID and group name in this ACEE to do authority checking on the command. The exit can modify fields in the ACEE that are part of the defined programming interface, but the postprocessing call should restore the previous values when it gets control after command execution or after an abend. For information about the ACEE fields, see z/OS Security Server RACF Data Areas.

    The exit cannot change the pointer to the ACEE.

  • The originating node and user ID, if the command was directed with the AT or ONLYAT keyword, or with automatic command direction. The exit can use these values to make decisions, but cannot change them.
  • A pointer to a word that the exit can use to communicate between the preprocessing call and the postprocessing call to an exit routine, or between different exit routines associated with the exit. The exit can change the contents of this communication area, but not the pointer to it.
  • A command return code, an abend completion code, and a flag indicating whether the command abended:
    • On the preprocessing call, these values are 0. If the exit changes these values, the changes are ignored.
    • On the postprocessing call:
      • If the command did not abend, the command return code field contains the value set by the command processor during command execution. The exit can change this return code.
      • If the command abended, the flag is set to indicate that the abend has occurred, the abend completion code is passed, and the command return code field is set to the abend reason code, if available. If the exit changes these values, the changes are ignored.
  • A pointer to a message area. If the exit fails the command with a message, it can provide message text in this area to be inserted into message IRRV022I. The exit cannot change the pointer.
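
The 300 bytes of blanks after the last keyword are all the room an exit has for added keywords, and the command name must survive unchanged. The following C model is an added example, not IBM code: `struct cmd_buf`, its field and function names, `IMAGE_MAX`, and the sample command are assumptions, because the page does not give the real buffer layout.

```c
#include <stddef.h>
#include <string.h>
#define EXIT_PAD_LEN 300  /* blanks after the last keyword, per the page */
#define IMAGE_MAX    512  /* assumed ceiling for this model only */

/* Hypothetical model, not the RACF mapping: the command image followed by
   the blank pad, with the used length tracked beside it. */
struct cmd_buf {
    size_t image_len;  /* length of the command image as passed to the exit */
    size_t used;       /* image_len plus whatever the exit has appended */
    char   data[IMAGE_MAX + EXIT_PAD_LEN];
};

/* Load a constructed command image and blank-fill the rest of the buffer. */
int cmd_buf_init(struct cmd_buf *b, const char *image)
{
    size_t n = strlen(image);
    if (n > IMAGE_MAX) return -1;
    memset(b->data, ' ', sizeof b->data);
    memcpy(b->data, image, n);
    b->image_len = b->used = n;
    return 0;
}

/* Append " <kw>" inside the pad. Returns the pad bytes still free, or -1
   (buffer untouched) when kw is empty or would run past the pad. */
int append_keyword(struct cmd_buf *b, const char *kw)
{
    size_t need = strlen(kw) + 1;                 /* separator + keyword */
    size_t room = b->image_len + EXIT_PAD_LEN - b->used;
    if (need == 1 || need > room) return -1;
    b->data[b->used] = ' ';
    memcpy(b->data + b->used + 1, kw, need - 1);
    b->used += need;
    return (int)(room - need);
}

/* Check that the first blank-delimited token (the command name) is intact. */
int same_command_name(const struct cmd_buf *b, const char *orig_image)
{
    size_t n = strcspn(orig_image, " ");
    return n <= b->used && memcmp(b->data, orig_image, n) == 0
        && (n == b->used || b->data[n] == ' ');
}

int main(void)
{
    const char *image = "ADDUSER USER1 NAME('J SMITH')"; /* constructed */
    struct cmd_buf b;
    if (cmd_buf_init(&b, image) || append_keyword(&b, "RESTRICTED") < 0) return 1;
    return same_command_name(&b, image) ? 0 : 1;
}
```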

Copyright IBM Corporation 1990, 2014