Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
RACROUTE REQUEST=LIST exits z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
RACROUTE REQUEST=LIST is used to build in-storage (resident) copies of general-resource profiles. Both the RACROUTE REQUEST=AUTH and RACROUTE REQUEST=FASTAUTH routines can use these resident profiles for authorization checking. The RACROUTE REQUEST=LIST pre- and postprocessing exit (ICHRLX01) and the selection exit (ICHRLX02) allow the installation to modify REQUEST=LIST processing options and to resolve conflicts between new and existing profile information. RACROUTE REQUEST=LIST processing is as follows:
RACROUTE REQUEST=LIST is used by products requiring high-performance authorization checking (such as IMS™ and CICS®). They then use the RACROUTE REQUEST=FASTAUTH service, possibly followed by the RACROUTE REQUEST=AUTH service, to do authorization checking. If you need to create an authorization checking exit for IMS or CICS, you might need to use a FASTAUTH exit or both a FASTAUTH exit and an AUTH exit. ICHRLX01 is entered before RACROUTE REQUEST=LIST builds any in-storage profiles of RACF-defined resources and again after the profiles have been built (at the end of REQUEST=LIST processing). ICHRLX02 is entered as each profile is being built. A resource name can appear in more than one resource-group profile
and at the same time can have a profile of its own. RACROUTE REQUEST=LIST
resolves conflicts between these multiple profiles for the following
fields:
The RACROUTE REQUEST=LIST preprocessing exit can specify general rules for this resolution, such as to use the most or the least restrictive option, or to use the first or the last value found. The RACROUTE REQUEST=LIST selection exit (which is passed the profile built to that point and the new values to be resolved) can make specific decisions. ICHRLX02 is entered as each profile is being built. The RACROUTE REQUEST=LIST selection exit can also resolve conflicts for the OWNER field. If there are no exits to invoke, RACF checks
all the profiles and does the following:
|
Copyright IBM Corporation 1990, 2014
|