Server access control exit program parameter list
The user exit program on the target server passes two parameter values: a character return code field and a character data structure containing various parameter values.
The user exit program on the target server uses the character data structure parameter values, that are passed by the TDDM, to evaluate whether to allow the request from the source server. The parameter list is created each time a file access request or command request is sent to the TDDM; when any one of the functions shown for the Subapplication field is requested, the parameter list is created. When file I/O operations are performed, this parameter list is created only for the file open request, not for any of the I/O operation requests that follow.
The program uses the parameter list to determine whether a source server user's file access or command request should be accepted or rejected. The list contains the following parameters and values:
- The name of the user profile or default user profile under which the source server user's request is run.
- The name of the application program on the source server being used. For DDM use, the name is *DDM. For DRDA use, the name is *DRDA.
- The name of the command or function (subapplication) being requested
for use on the target server or one of its files.
Most of the functions listed in the following table directly affect a file, including the EXTRACT function, which extracts information from the file when commands such as Display File Description (DSPFD) or Display File Field Description (DSPFFD) are specified by the source server user. Some functions are member-related functions, such as the CHGMBR function, which allows characteristics of a member to be changed. The COMMAND function indicates that a command string is submitted by the Submit Remote Command (SBMRMTCMD) command to run on the target server. The SQLCNN function specifies a DRDA connect attempt.
- The name of the file (object) to be accessed in the way specified on the previous parameter. This field does not apply if a command string (COMMAND) or stream and directory access commands are being submitted or if it is a DRDA command.
- If the stream and directory access commands are specified, then the object and directory fields have a value of *SPC. The user must go to the Other field to get the alternative object name and alternative path name.
- The name of the library containing the file, if a file is being accessed.
- The name of the file member, if a file member is being accessed. Stream and access commands have a value of *N.
- The format field does not apply for DDM or DRDA.
- Depending on how the next field is used, the length varies.
- The Other field is used for as many as three of the following
six values; the first two are always specified (*N might be used for
the second value if the system name cannot be determined), and either
of the last four might be specified, depending on the type of function
specified in the Subapplication field.
- The location name of the source server. This matches the RMTLOCNAME parameter value specified in the target server's device description for the source server if APPC communications is being used.
- The system name of the source server.
- If a file was specified and it is to be opened, (OPEN) for I/O operations, this field indicates which type of operation is being requested. For example, if a file is being opened for read operations only, the input request value is set to a 1 and the remaining values are set to a 0.
- The alternative object name.
- The alternative directory name.
- The name of the iSeries command, if a command string is being submitted, followed by all of its submitted parameters and values.
Field | Type | Length | Description |
---|---|---|---|
User | Character | 10 | User profile name of target DDM job. |
Application | Character | 10 | Application name:
|
Subapplication | Character | 10 | Requested function:
|
Object | Character | 10 | Specified file name. *N is used when the subapplication field is 'COMMAND '. *SPC is used when the file is a document or folder. |
Character | 10 | Specified library name. *N is used when the subapplication field is 'COMMAND '. *SPC is used when the library is a folder. | |
Member | Character | 10 | Specified member name. *N is used when the member name is not applicable. |
Format | Character | 10 | Not applicable for DDM. |
Length | Decimal | 5,0 | Length of the next field. |
Source Remote Location | Character | 10 | Remote location unit name of source system (if SNA). |
Source System Name | Character | 10 | System name of remote server. If this value is not available, this field contains '*N '. |
Other | Character | 2000 | The use of this 2000 byte area depends
on the request function. If it is SQLCNN, then the DRDA mapping should be used. For other functions,
use the DDM mapping.
|
Note:
|