z/OS Security Server RACF System Programmer's Guide


Type 62 ENF signals

SA23-2287-00

RACF® can send an ENF signal to listeners when a SETROPTS RACLIST command affects in-storage profiles used for authorization checking. RACF sends a signal when a SETROPTS RACLIST, SETROPTS NORACLIST, or SETROPTS RACLIST REFRESH command is issued for a class, activating, deactivating, or updating the profiles. Signals are sent for a class in the static class descriptor table if SIGNAL=YES was specified on the ICHERCDE macro that defined the class. Signals are sent for a class in the dynamic class descriptor table if SIGNAL(YES) was specified on the CDTINFO keyword of the RDEFINE or RALTER command that defined the class.

Guideline: Specify SIGNAL=YES only when the documentation for a product or application states that you should do so for its user-defined class. Turning on signals for classes that have no listeners can result in unnecessary processing by all exits that listen for ENF 62 signals; how much depends on how many such classes there are and on how many SETROPTS RACLIST, SETROPTS RACLIST REFRESH, and SETROPTS NORACLIST commands are issued for them.

When the in-storage profiles for such a class are activated, deactivated, or updated, RACF sends a type 62 ENF signal to listeners, with a parameter list mapped by IRRPENFP in SYS1.MACLIB. Qualifier byte 1 indicates a SETROPTS RACLIST, qualifier byte 2 indicates a SETROPTS RACLIST REFRESH, and qualifier byte 3 indicates a SETROPTS NORACLIST. The parameter list contains the class name.

RACROUTE REQUEST=LIST,GLOBAL=YES does not cause an ENF signal to be issued. When classes that are GLOBAL=YES ONLY RACLISTed are refreshed with SETROPTS RACLIST REFRESH, RACF issues an ENF signal. If they are SETROPTS NORACLISTed, RACF issues the ENF signal only on a system that has the class GLOBAL=YES RACLISTed. Avoid using SETROPTS NORACLIST in the case of a RACROUTE REQUEST=LIST,GLOBAL=YES class unless everyone has disconnected from the dataspace. At that point, it is unlikely that anyone is listening for an ENF signal.

RACF sends no signals when an application issues RACROUTE REQUEST=LIST,GLOBAL=NO.

For a class in the static class descriptor table, if RACLIST=DISALLOWED is specified for a class, no signal is sent even if SIGNAL=YES is specified. For a dynamic class, you should not specify RACLIST(DISALLOWED) with SIGNAL(YES); if you do, the class is not added to the dynamic class descriptor table.
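The guideline and the RACLIST(DISALLOWED) rule above can be checked before a change is applied. The following is an added example, not IBM code: an offline review script for a deck of RDEFINE/RALTER CDT commands. The class names, the POSIT values, and the DOCUMENTED_LISTENERS set are constructed assumptions.

```python
import re

# Assumption: site-maintained set of classes whose product documentation
# asks for SIGNAL(YES). "$PAYROLL" is a constructed class name.
DOCUMENTED_LISTENERS = {"$PAYROLL"}
CMD = re.compile(r"^(RDEFINE|RDEF|RALTER|RALT)\s+CDT\s+(\S+)\s*(.*)$", re.I | re.S)

def logical_commands(deck):
    """Join TSO continuation lines (trailing '-' or '+') into single commands."""
    buf = ""
    for line in deck.splitlines():
        buf += line.strip()
        if buf.endswith(("-", "+")):
            buf = buf[:-1] + " "
            continue
        if buf:
            yield buf
        buf = ""

def subkeyword(operands, name):
    """Return the upper-cased value of NAME(value), or None if not coded."""
    m = re.search(rf"\b{name}\s*\(\s*(\w+)\s*\)", operands, re.I)
    return m.group(1).upper() if m else None

def audit(deck):
    """Return (severity, class, message) findings for SIGNAL(YES) usage."""
    findings = []
    for cmd in logical_commands(deck):
        m = CMD.match(cmd)
        if not m or subkeyword(m.group(3), "SIGNAL") != "YES":
            continue
        cls, operands = m.group(2).upper(), m.group(3)
        if subkeyword(operands, "RACLIST") == "DISALLOWED":
            findings.append(("ERROR", cls, "SIGNAL(YES) with RACLIST(DISALLOWED): "
                             "class is not added to the dynamic CDT"))
        elif cls not in DOCUMENTED_LISTENERS:
            findings.append(("WARN", cls, "SIGNAL(YES) but no documented "
                             "ENF 62 listener for this class"))
    return findings

# Constructed sample deck, not taken from a real system.
SAMPLE = """\
RDEFINE CDT $PAYROLL CDTINFO(POSIT(301) MAXLENGTH(39) -
    RACLIST(ALLOWED) SIGNAL(YES))
RDEF CDT $BADCLS CDTINFO(POSIT(302) RACLIST(DISALLOWED) SIGNAL(YES))
RALTER CDT $NOISY CDTINFO(SIGNAL(YES))
RDEFINE CDT $QUIET CDTINFO(POSIT(303) SIGNAL(NO))
"""
for finding in audit(SAMPLE):
    print(*finding)
```

Each command is evaluated in isolation, so a RALTER that adds SIGNAL(YES) to a class defined earlier with RACLIST(DISALLOWED) is reported only as a warning; compare against the current CDT profile to catch that case.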

ENFREQ listener routines for the type 62 ENF signal should listen as XSYS=NO.

Table 1. ENF 62 event code

Description:
A RACF SETROPTS RACLIST command has affected in-storage profiles used for authorization requests in a class designated as SIGNAL=YES or SIGNAL(YES) in the RACF class descriptor table.

The class affected is in the parameter list in field IRR_ENFCLASS.

Qualifier:
The qualifier (QUAL) has the following format:
  • BYTE1 X'80' SETROPTS RACLIST has taken place
  • BYTE2 X'80' SETROPTS RACLIST REFRESH has taken place
  • BYTE3 X'80' SETROPTS NORACLIST has taken place

Parameter list passed to user exit:
Mapped by IRRPENFP in SYS1.MACLIB. (See z/OS Security Server RACF Data Areas.)

Exit type / Cross-system capable:
EXIT or SRBEXIT / NO





Copyright IBM Corporation 1990, 2014