Under CICS

Customizing the CA Ideal Environment › Maintaining Authorizations › Authorization Exit Programs › Under CICS

Under CICS

Because batch and CICS environments use different program linkages, you must create separate programs for batch and on-line or have different option blocks for batch and on-line. In either case, you must maintain separate LOAD/CORE-IMAGE libraries for each environment.

Since an authorization exit is executed frequently, consider performance implications carefully.

CA Ideal passes the exit program the information shown in the following illustration. (The sample programs contain 88-level names with appropriate values for fields containing CA Ideal's internal codes.)

 01  ID-PARM-1.
     05  ID-EXIT-TYPE                    PIC X.
     05  ID-SYNC                         PIC X(03).
     05  ID-RELEASE-LEVEL                PIC X(04).
     05  ID-USER-SHORT-ID                PIC X(03).
     05  ID-USER-NAME                    PIC X(32).
     05  ID-TERMINAL-ID                  PIC X(04).
     05  ID-TRANSACTION-ID               PIC X(04).
     05  ID-TP-MONITOR-CODE              PIC X(01).
     05  ID-OPERATING-SYSTEM-CODE        PIC X(01).
     05  ID-NETWORK-ID                   PIC X(8).
 01  ID-PARM-2.
     05  ATZ-RESULT                      PIC S9(04) COMP.
     05  FUNC-ATZ-CODE                   PIC S9(04) COMP.
     05  REQUIRED-SUBJECT-LEVEL          PIC S9(04) COMP.
     05  REQUIRED-OBJECT-LEVEL           PIC S9(04) COMP.
     05  USER-ATZ-DATA.
         10  GLOBAL-ATZ.
             15 FILLER                   PIC X(03).
             15 IDL-ADM                  PIC X.
             15 FILLER                   PIC X.
             15 IDL-USR                  PIC X.
             15 PRT-ADM                  PIC X.
             15 DVW-ADM                  PIC X.
         10  SUBJECT-ATZ.
             15  SUBJECT-SYSTEM          PIC X(3).
             15  CONTROL-ATZ             PIC X.
             15  UPDATE-ATZ              PIC X.
             15  READ-ATZ                PIC X.
             15  RUN-PROD                PIC X.
             15  FILLER                  PIC X.
             15  FILLER                  PIC X.
             15  UPDATE-REPORT           PIC X.
             15  UPDATE-PANEL            PIC X.
         10  OBJECT-ATZ.
             15  OBJECT-SYSTEM           PIC X(3).
             15  CONTROL-ATZ             PIC X.
             15  UPDATE-ATZ              PIC X.
             15  READ-ATZ                PIC X.
             15  RUN-PROD                PIC X.
             15  FILLER                  PIC X.
             15  FILLER                  PIC X.
             15  UPDATE-REPORT           PIC X.
             15  UPDATE-PANEL            PIC X.
     05  SUBJECT-ENTITY-DATA.
         10  ENTITY-TYPE                 PIC X(03).
         10  ENTITY-OCCUR-NAME           PIC X(32).
         10  ENTITY-OCCUR-VERSION        PIC X(03).
         10  ENTITY-OCCUR-STATUS         PIC X(04).
     05  OBJECT-ENTITY-DATA.
         10  ENTITY-TYPE                 PIC X(03).
         10  ENTITY-OCCUR-NAME           PIC X(32).
         10  ENTITY-OCCUR-VERSION        PIC X(03).
         10  ENTITY-OCCUR-STATUS         PIC X(04).
     05  REJECT-MESSAGE                  PIC X(70).

ID-EXIT-TYPE

Specifies the type of exit that is invoked for this command. A 1 indicates that an authorization exit is invoked. Other values are reserved for future use.

ID-USER-SHORT-ID

The one- to three-character CA Ideal user short ID defined for the user who is executing the command.

ID-USER-NAME

The name of the CA Ideal user who is executing the command.

ID-TERMINAL-ID

In CICS-The CICS ID of the terminal where the command is executed.
In batch-Hex zeros.

ID-TRANSACTION-ID

In CICS-The CICS signon transaction ID.
In batch-The value IDEA.

ID-TP-MONITOR-CODE

C-Represents CICS.
Y-Represents batch.

ID-OPERATING-SYSTEM-CODE

O-Represents z/OS.
D-Represents DOS/VSE.

ID-NETWORK-ID

In CICS, the VTAM LU name, if the terminal is VTAM. The system ID and terminal ID of the Terminal Owning Region (TOR), if the terminal is MRO but not VTAM; low values in all other cases.

ATZ-RESULT

This field is passed to the exit program. The exit program can modify it. Possible values are:

0-The command is accepted.
4-The command is denied.
6-The command was disabled.

Any other values returned to CA Ideal are ignored.

FUNC-ATZ-CODE

A numeric value representing a functional keyword. "Authorization Table" appendix contains all functions and their associated values.

REQUIRED-SUBJECT-LEVEL

A numeric value representing the authorization necessary in the current system. The possible values and their respective authorization levels follow:

254-BYPASS
255-DISABLE
1-DATAVIEW-ADMIN
3-PRINT-ADMIN
4-RUN-PROD
5-CONTROL
6-UPDATE
7-READ
8-UPDATE-RPT
9-UPDATE-PNL

REQUIRED-OBJECT-LEVEL

A numeric value representing the authorization necessary in the object system. The possible values and their respective authorization levels are:

1-ADMIN
2-DATAVIEW-ADMIN
3-PRINT-ADMIN
4-RUN-PROD
5-CONTROL
6-UPDATE
7-READ
8-UPDATE-RPT
9-UPDATE-PNL

USER-ATZ-DATA

Specifies whether the user has each global privilege and authorization level in the current and object (if needed) systems.

IDL-ADM-CA Ideal Administrator (Y or N)
IDL-USR-CA Ideal User (Y or N)
PRT-ADM-Print Administrator (Y or N)
DVW-ADM-Dataview Administrator (Y or N)
SUBJECT-SYSTEM-Subject System Name
OBJECT-SYSTEM-Object System Name
CONTROL-ATZ-Control Authorization (Y or N)
UPDATE-ATZ-Update Authorization (Y or N)
READ-ATZ-Read Authorization (Y or N)
UPDATE-REPORT-Update Report Authorization (Y or N)
UPDATE-PANEL-Update Panel Authorization (Y or N)

SUBJECT-ENTITY-DATA

Information about the subject entity that is passed to the exit for certain functions.

ENTITY-TYPE-Type of entity
ENTITY-OCCUR-NAME-Name of the entity
ENTITY-OCCUR-VERSION-Version of the entity. For all entities in Production status except panels, this is blank.

ENTITY-OCCUR-STATUS-Production (P) or Test (T) status of the entity. For panels, this is blank.

The data passed to exit programs by each function is shown in the following table.

Functional Keyword	Subject Data	Object Data
ALTER-PROGRAM	Program/Panel	None
CATALOG-DATABIEW	Dataview	None
RUN	Main Program	None
RUN-PROD	Main Program	None
RUN-PROD-USING-PANEL	Main Program	None
RUN-PROD-USING-PROGRAM	Main Program	Program

Note: For functions RUN-PROD-USING-PANEL and RUN-PROD-USING-PROGRAM, the subject entity is the program specified on the RUN command. The authorization applies only if the main program is in Production status.

OBJECT-ENTITY-DATA: Information about the object entity passed to the exit program for certain functions. Entries are the same as for SUBJECT-ENTITY-DATA.
REJECT-MESSAGE: A 70-byte field where the user exit program can specify a message that CA Ideal displays in the message line if the function is denied or disabled.