External security packages such as CA ACF2 or RACF can provide minimal or full security checking.
If your organization has an external security package, access to that package is provided through one of the following types of exit:
The following sample security exits are provided:
Is a full security exit for CA ACF2.
Is a full security exit for RACF.
Is a SAF partial security exit.
Sample exits are in the following libraries:
Note: The SMP target zone is updated when you SMP APPLY maintenance, whereas the SMP distribution zone is updated only when you subsequently SMP ACCEPT the maintenance. To ensure that you include all applied maintenance, it is recommended that you use the member in the SMP target zone (dsnpref.pvpref.CC2DSAMP).
Note: On z/VM systems, these exits are on the vmid 193 C-disk.
The NMSAFPX partial security exit is a SAF-based security exit that supports UTOKENS. SAF is the IBM System Authorization Facility and is the agreed standard for the encoding of requests that require security checking.
Note: SAF is documented in IBM's Security Server RACROUTE Macro Reference manual. See the documentation for your security package to find out whether the package supports SAF-formatted calls.
You can make a copy of NMSAFPX and change it to suit your requirements. To assemble and link your exit, use the sample JCL member NMSAFPXL, which is in the same data set as the NMSAFPX sample exit.
The load module created by the link-edit step should be placed in the load library, or in another library concatenated to the load library through the STEPLIB DD statement in the started task JCL. Change the JCL parameters to include SEC=name, where name identifies the load module. This causes the security exit to be used.
Note: The supplied SEC=PARTSAF option is functionally equivalent to the NMSAFPX sample.