Previous Topic: #SECHECK ParametersNext Topic: #SECRTT

Syntax for Assembler Macros#SECHECK#SECHECK Usage

#SECHECK Usage

Copying the Security Request Block

To issue the #SECHECK macro, you must copy the Security Request Block. This block is mapped by the #SECRB DSECT.

Note: For more information, see the documentation of #SECRB.

Multiple Security Checks in a Single Request

The #SECHECK function supports multiple security checks in a single request if all the resources are of the same type. For example, all authorities needed by an access module can be validated in a single request.

An application can request that authorization for a list of resources be checked. This reduces the number of calls to the security manager.

Validating Parameters

#SECHECK does not validate parameters based on resource type. All parameters supplied on the call are stored in the SRB. The security system ignores information which is irrelevant to the resource type.

#SECHECK Return Codes

The return code for a security check is stored in register 15 and the SRBXR15 field of the SRB. The following table lists the possible return codes provided by the internal security system in response to a #SECHECK macro:

Code Resource grouping

Meaning Resource

00

Request was successful; access allowed

04

Resource occurrence or object (user, group, etc.) not found

08

User not authorized; access denied

12

Interface/parameter list error

16

Resource access threshold violation

When using the multiple security check option, register R15 contains return code 0 only if the user has access to all the resources. The security system places the return codes for the individual resources in the area (RTNADDR) supplied by the caller.

Return Codes for a List of Resources

To check the return code for each entry in a list of resources supplied with a security request, you must copy #SECRLST. When using this option, determine the results from all list entries if the return code is not 12 (invalid request). R15=0 does not necessarily mean the user is authorized for all entries in the list.

External Return Codes

If the external security system return code is 4, the issuer of #SECHECK will receive a return code of 8. Other non-zero codes from the external system will be passed through as is. The CA IDMS internal security system is not used as a fallback system for external security.