Server access control exit program parameter list

The user exit program on the target server passes two parameter values: a character return code field and a character data structure containing various parameter values.

The user exit program on the target server uses the character data structure parameter values, that are passed by the TDDM, to evaluate whether to allow the request from the source server. The parameter list is created each time a file access request or command request is sent to the TDDM; when any one of the functions shown for the Subapplication field is requested, the parameter list is created. When file I/O operations are performed, this parameter list is created only for the file open request, not for any of the I/O operation requests that follow.

The program uses the parameter list to determine whether a source server user's file access or command request should be accepted or rejected. The list contains the following parameters and values:

  • The name of the user profile or default user profile under which the source server user's request is run.
  • The name of the application program on the source server being used. For DDM use, the name is *DDM. For DRDA use, the name is *DRDA.
  • The name of the command or function (subapplication) being requested for use on the target server or one of its files.

    Most of the functions listed in the following table directly affect a file, including the EXTRACT function, which extracts information from the file when commands such as Display File Description (DSPFD) or Display File Field Description (DSPFFD) are specified by the source server user. Some functions are member-related functions, such as the CHGMBR function, which allows characteristics of a member to be changed. The COMMAND function indicates that a command string is submitted by the Submit Remote Command (SBMRMTCMD) command to run on the target server. The SQLCNN function specifies a DRDA connect attempt.

  • The name of the file (object) to be accessed in the way specified on the previous parameter. This field does not apply if a command string (COMMAND) or stream and directory access commands are being submitted or if it is a DRDA command.
  • If the stream and directory access commands are specified, then the object and directory fields have a value of *SPC. The user must go to the Other field to get the alternative object name and alternative path name.
  • The name of the library containing the file, if a file is being accessed.
  • The name of the file member, if a file member is being accessed. Stream and access commands have a value of *N.
  • The format field does not apply for DDM or DRDA.
  • Depending on how the next field is used, the length varies.
  • The Other field is used for as many as three of the following six values; the first two are always specified (*N might be used for the second value if the system name cannot be determined), and either of the last four might be specified, depending on the type of function specified in the Subapplication field.
    • The location name of the source server. This matches the RMTLOCNAME parameter value specified in the target server's device description for the source server if APPC communications is being used.
    • The system name of the source server.
    • If a file was specified and it is to be opened, (OPEN) for I/O operations, this field indicates which type of operation is being requested. For example, if a file is being opened for read operations only, the input request value is set to a 1 and the remaining values are set to a 0.
    • The alternative object name.
    • The alternative directory name.
    • The name of the iSeries command, if a command string is being submitted, followed by all of its submitted parameters and values.
Table 1. Parameter list for user exit program on target server
Field Type Length Description
User Character 10 User profile name of target DDM job.
Application Character 10 Application name:
  • '*DDM ' for Distributed Data Management.
  • '*DRDA ' for Distributed Relational Database Architecture
Subapplication Character 10 Requested function:
  • 'ADDMBR ' 'DELETE ' 'RGZMBR '
  • 'CHANGE ' 'EXTRACT ' 'RMVMBR '
  • 'CHGDTAARA ' 'INITIALIZE' 'RNMMBR '
  • 'CHGMBR ' 'LOAD ' 'RTVDTAARA '
  • 'CLEAR ' 'LOCK ' 'SNDDTAQ '
  • 'CLRDTAQ ' 'MOVE ' 'SQLCNN '
  • 'COMMAND ' 'OPEN '
  • 'COPY ' 'RCVDTAQ '
  • 'CREATE ' 'RENAME '
Object Character 10 Specified file name. *N is used when the subapplication field is 'COMMAND '. *SPC is used when the file is a document or folder.
  Character 10 Specified library name. *N is used when the subapplication field is 'COMMAND '. *SPC is used when the library is a folder.
Member Character 10 Specified member name. *N is used when the member name is not applicable.
Format Character 10 Not applicable for DDM.
Length Decimal 5,0 Length of the next field.
Source Remote Location Character 10 Remote location unit name of source system (if SNA).
Source System Name Character 10 System name of remote server. If this value is not available, this field contains '*N '.
Other Character 2000 The use of this 2000 byte area depends on the request function. If it is SQLCNN, then the DRDA mapping should be used. For other functions, use the DDM mapping.
To use DDM:
The following varies, depending on the function. If OPEN is specified to open a file:
1
Input request Char(1) 1=yes 0=no
1
Output request Char(1) 1=yes 0=no
1
Update request Char(1) 1=yes 0=no
1
Delete request Char(1) 1=yes 0=no
12
Alternative object name.
63
Alternative directory name.
1921
The command string if COMMAND is specified to submit a command.
To use DRDA:
9
Type definition name of DRDA application requester. Product ID of DRDA application requester.
3
Product code.
2
Version ID.
2
Release ID.
1
Modification level.
18
RDB Name.
1965
Reserved.
Note:
*N =
Null value indicates a parameter position for which no value is being specified, allowing other parameters to follow it in positional form.