All RACROUTE macros are issued from a CMAS. Macros required to support
simulated CICS® security checking are issued from the CMAS to which the target MAS is
connected.
The following list summarizes the RACROUTE macros used by CICSPlex® SM to invoke
the ESM, and the control points at which they are issued.
- RACROUTE
- The "front end" to the macros described below, it invokes the MVS™
router. If RACF® is not present on the system, RACROUTE can route to an alternative
ESM, via the MVS router exit.
- RACROUTE REQUEST=VERIFY
- Issued at user signon (with the parameter ENVIR=CREATE), and at user
sign-off (with parameter ENVIR=DELETE) to a CMAS. For ISPF end-user interface requests,
signon calls are made during window creation in the CMAS that supports the
named context. Sign-off calls are made when the window is closed. This macro
creates or destroys an access control environment element (ACEE). It is issued
at the following CICSPlex SM CMAS control points:
- ISPF end-user interface user connection to a CMAS
- API CONNECT thread creation
- Single system image command routing
- ISPF end-user interface user disconnect from a CMAS
- API DISCONNECT thread termination
- RACROUTE REQUEST=FASTAUTH
- Issued during resource checking, on behalf of a user who is identified
by an ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage
resource profiles, and is issued at the following CICSPlex SM CMAS control points:
- Simulated CICS security checking
- View selection / API security
- RACROUTE REQUEST=AUTH
- This is a higher path length form of resource checking and is issued
during CAS / PLEXMGR security checking. It may also be called to perform
logging and auditing after a REQUEST=FASTAUTH.
- RACROUTE REQUEST=LIST
- Issued to create and delete the in-storage profile lists needed by REQUEST=FASTAUTH.
(One REQUEST=LIST macro is required for each resource class.) It is issued
at the following CICSPlex SM CMAS control points:
- When CICSPlex SM security is being initialized for a MAS
- When the CMAS or CMASD sceurity action command (SEC) is issued.
For a detailed description of these macros, see the z/OS Security Server RACF Macros and Interfaces manual.