Description
Exit 29, the security postprocessing exit, allows you to examine all security requests, including user signon and signoff, after they are processed by the security system. This exit can be used to perform the same tasks as exits 1 and 2 in previous releases.
Exit 29 is called after the security system has completed processing for a security request. By setting the flag SRBXFAB flag in the Security Request Block (SRB), the exit can request that access be denied.
These parameters are passed:
Exit 29 in Signon Processing
Exit 29 may be called twice in signon processing:
If the SRB function is SIGNON and the SRBXSGN flag is on, exit 29 determines that it has been invoked following external signon.
If the SRB function is SIGNON and the SRBXSGN flag is off, exit 29 determines that it has been invoked following internal signon.
How to Use This Exit for Security Purposes
You can use exit 29 to log security violations or to implement site-specific security enforcement requirements.
Specifically, you can maintain multiple activity bit maps for the DEFAULT application and use exit 29 to move one of the bit patterns to the SONSECTY field of the SON, depending on signon information. If exit 29 has been used to move such a value to SONSECTY, central security, as part of internal signon processing, allocates storage for the DEFAULT activity bit map and moves the bit pattern in SONSECTY there.
After external security and prior to calling internal security, the SON can be accessed using the SRBSGNSON address. The SON is not accessible using the LTESONRC.
Note: For more information about the SON (#SONDS DSECT), see the CA IDMS DSECT Reference Guide.
Considerations
Exit 29 cannot override a security violation.
You must write this exit routine to execute in SYSTEM MODE. The #DEFXIT macro, which adds the exit routine to the system, must perform the following:
|
Copyright © 2014 CA.
All rights reserved.
|
|