Technical Notes › Security Considerations › Review the OPUSEX Exit

Review the OPUSEX Exit

CA OPS/MVS also has an assembler language installation authorization exit that performs the same functions as the security rules. This exit resides in member OPUSEX of &hlq.CCLXASM; it contains extensive comments describing how it works and possible changes. For more information, see the OPUSEX member.

With the increase in the number of security events in CA OPS/MVS over the past few years, a single character is no longer sufficient to represent each type of security event. Prior to CA OPS/MVS Version 4.4, the CA OPS/MVS security exit OPUSEX was called during each operation for security checking and the operation identifier was passed in a variable OPAURQTY. The same applies to security rules and the security event variable SEC.OPAURQTY. SEC.OPAURQTY is a one-byte character field that contains a character representing the function or operation that CA OPS/MVS is about to perform.

In CA OPS/MVS Version 4.4, a new field, OPAURQTX, was added which contains a 1- to 10-character string that describes the operation. In security rules, the corresponding variable is SEC.OPAURQTX. The OPAURQTY field and SEC.OPAURQTY variable will be maintained for compatibility. All new security operations in CA OPS/MVS have the OPAURQTY field and SEC.OPAURQTY variable set to a blank. The new OPAURQTX field and SEC.OPAURQTX variable contain the name of the operation.

Note: CA strongly recommends that, once you no longer need to support releases of CA OPS/MVS prior to Version 4.4, you modify your security exits and security rules to use the new 10-byte fields. OPAURQTX and SEC.OPAURQTX are left-justified and padded with blanks.

Valid values for OPAURQTX and SEC.OPAURQTX are: