
Security call exit points
Security call exit points occur before and after CICSĀ® Configuration Manager performs a security check.
CICS Configuration Manager can perform security checks for access to API commands and resource definitions. For details, see Restricting access to API commands and resource definitions.
The security call exit points invoke the program CCVXSECI. CICS Configuration Manager calls CCVXSECI before and after each security check.
The CCVXSECI program that is supplied with CICS Configuration Manager does nothing. You can write your own CCVXSECI program to customize security checking.
For example:
- In the call before each security check:
- Change the parameters that form the SAF resource key that is to be used in the SAF call
- Bypass the SAF call
- Suppress the call to CCVXSECI after the security check
- Perform your own security check or other site-specific processing
- In the call after each security check:
- Override the outcome of the SAF call, permitting or denying access based on your own rules
- Display messages about the outcome of the SAF call
- Perform your own security check or other site-specific processing
To write and use your own CCVXSECI program:
- Copy and edit one of the sample CCVXSECI programs supplied in the SCCVSAMP library: CCVX0001, CCVX0004, or CCVX0010.
- Compile and link your CCVXSECI program, ensuring the SCCVSAMP sample CCVX0008 is accessible as a copybook.
- Place your CCVXSECI program in a program library that meets the
following criteria:
- The program library is in the DFHRPL concatenation of the CICS region that runs the CICS Configuration Manager server.
- In the DFHRPL concatenation, the program library precedes the CICS Configuration
Manager library SCCVLINK.
SCCVLINK contains the supplied version of the CCVXSECI program.
- Newcopy the CCVXSECI program in the CICS Configuration Manager server CICS region.
Placing your version of CCVXSECI in DFHRPL ahead of the supplied version, and then performing a newcopy, causes CICS to use your version.
To revert to using the supplied CCVXSECI program that does nothing:
- Remove your CCVXSECI program from the program library in the DFHRPL concatenation.
- Newcopy the CCVXSECI program in the CICS Configuration Manager server CICS region.
