Secondary authorization function (function code X'01')

The secondary authorization function can provide authorization for sessions that were deferred by the initial authorization function, or all successful session authorization requests if the exit routine does not process the initial authorization function. Secondary authorization is processed during session initiation. If the begin function specifies that the exit is to be called for LU session takeover, and the session being taken over is established using extended BIND protocols, the secondary authorization function is called. If authorization was deferred by initial authorization and the session fails before secondary authorization, the secondary authorization will be called to inform the exit of the failure. An indicator in the related session information indicates whether the invocation is because of session setup or failure.

The secondary authorization function sometimes receives more information about a session from VTAM® than does the initial authorization function. The DLU's real name, network identifier, and owning SSCP might not be known at initial authorization, but are known at secondary authorization.

For normal initiation processing, the initial authorization function does not know the DLU gateway information vector (GIV) at initial authorization time. It can, however, be determined by looking at the parameter list obtained when the secondary authorization function is invoked.

For cross-domain or cross-network sessions, the secondary authorization function is processed:

In the DLU SSCP before sending CDINIT response
In the intermediate and OLU SSCPs during CDINIT response processing

For same-domain sessions, the function is processed before the INIT response.

If the exit routine processes neither initial nor secondary authorization functions (because they were not selected during begin function processing), all sessions are authorized.

Table 1 shows the secondary authorization function parameter list pointed to by register 1. The parameters are described in Parameter descriptions.

Table 1. Secondary authorization function parameter List
Dec (Hex) Offset	Size (Bytes)	Description
0 (0)	4	Address of environment vectors
4 (4)	4	Address of function code and related session information
8 (8)	4	Address of user data field
12 (C)	4	Address of PLU resource identifier control vector
16 (10)	4	Address of SLU resource identifier control vector
20 (14)	4	Address of session ID
24 (18)	4	Reserved
28 (1C)	4	Address of OLU gateway information vector
32 (20)	4	Address of DLU gateway information vector
36 (24)	4	Address of OLU adjacent SSCP vector
40 (28)	4	Address of DLU adjacent SSCP vector
44 (2C)	4	Failing sense code address ¹
48 (30)	4	Reserved
52 (34)	4	Reserved
56 (38)	4	Address of ILU resource identifier control vector
68 (44)	4	Address of session authorization data vector
72 (48)	4	Address of VTAM exit services parameter list
76 (4C)	4	Address of session management data area
80 (50) ²	4	Address of TCP/IP information control vector

This pointer is valid only if bit X'08' in byte 2 of the function code and related session information is set to one. For additional information about the failing sense code, see z/OS Communications Server: IP and SNA Codes.
This offset should be tested for zero before usage. When the offset is nonzero, it represents a pointer to the TCP/IP information control vector. This vector provides the IP characteristics of a TN3270 client associated with the SLU resource.