Using user exit security – Landmark Lighting D20R2-06/99 User Manual

1.

Ensure that IBM’s system authorization facility (SAF) is active.

SAF always is active if you are using RACF, but you may need to
perform a manual step to activate SAF with other software
packages. For example, to activate SAF in CA-ACF2, the SAF
bit needs to be turned on in the CA-ACF2 global system
options.

2.

Define product user IDs to your external security product.

If you have not already done so, define product user IDs to your
security product. Refer to the security product documentation
for complete instructions.

3.

Verify the logon access level of the $DEFAULT profile.

If you want to restrict access to a Landmark product to certain user
IDs, ensure that the Landmark-supplied $DEFAULT profile has
an access setting of NONE for the SIGNON function. Read
about product secured functions (including the SIGNON
function) in the function code table, later in this chapter. When
a user logs on, the system checks the user’s profile to see if
SIGNON access is defined. If it is, the logon attempt is
successful. If no profile can be found for the user, the Internal
Security $DEFAULT profile is used.

4.

Activate the External Security simplified sign-on feature for
user logon access.

Enter S at the USER LOGON prompt on the Security Definitions
Menu. Note that you cannot enter S at the FACILITIES prompt.
The External Security simplified sign-on feature is valid only
for control of user logon.

Once you have activated the simplified sign-on feature, all users
already defined to your external security package with valid user
IDs and passwords can log onto the product. If you want to allow
only a subset of these users to log on, you can control user logon
further using profiles and the SIGNON function (as described in
Step 3).

Using User Exit Security

You can create your own security system through user exits.
Member $USRXIT of the Strategic Services sample library contains
a sample security user exit and sample JCL with which to assemble
and link the exit.

To implement User Exit Security, follow these steps:

1.

Create the user exit.

Landmark PerformanceWorks MVS products point register 1 to
storage containing the information mapped in member
$USRPRMS of the Strategic Services sample library. Your user
exit should pass a return code in register 15. If the return code
is zero (0), access to the function is granted. If the return code
is a nonzero number, access to the function is denied.

Using User Exit Security

Chapter 2: Security Definitions

2-8