File-AID security exit
The File-AID security exit enables you to control access to data sets, including data set inclusion and exclusion, and processing features. The File-AID security exit is not intended to replace any security package that is presently installed at your site.
The File-AID security exit, FASCRXIT, is called from the following points within File-AID:
- Prior to allocating each data set for use
- Prior to opening each data set
- Prior to processing a member.
The security exit returns an indicator and a message to File-AID. The indicator tells File-AID to do one of the following:
- Permit the request
- Permit the request but with altered parameters
- Refuse the request.
The message is a standard default message or the message indicated by your user exit parameters.
Allocation Function Call
The data set allocation call is designated by an A request type to the security exit. You may want to use the A exit type for the following purposes:
- To limit File-AID function access by user ID
- To limit access to a certain data set.
Open Function Call
The data set open call is designated by an O request type to the security exit. You may want to use the O exit call for the following purposes:
- To prevent a certain data set from being updated
- To prevent a certain member of a PDS from being accessed, updated, renamed, or deleted.
Installing The File-AID Security Exit
The File-AID sample data set (hlq.SXVJSAMP) provides sample security exits in Assembler, COBOL, and PL/I, and the JCL to compile and link-edit the exit, as shown in the following table.
Sample Security Exits and JCL
Exit Source Name | Compile/Link JCL Name | Description |
---|---|---|
XFASXASM | XFALKSXA | Assembler security exit |
XFASXCOB | XFALKSXC | COBOL security exit |
XFASXPLI | XFALKSXP | PL/I security exit |
Additional instructions on modifying the File-AID security exit are included in the exit source members (XFASXASM, XFASXCOB, XFASXPLI) for the FASCRXIT security exit.
Debugging Your Security Exit
File-AID provides a tool, the Exit Debugger, to help you test and debug your security exit. To activate the Exit Debugger, allocate the FAEXITDD DDNAME to your ISPF session or batch job. To return the information to an external file, allocate this DDNAME to a data set that you create with RECFM=FB and LRECL=384.
When the Exit Debugger is activated, all parameters being passed to and from the security exit for each call type are reported to the allocated DD.
To deactivate the Exit Debugger, FREE the FAEXITDD DDNAME.
Security Exit Parameter Layouts
The security exit is passed two addresses. The first points to the security exit parameter list, which is described in the following table. The second points to the job accounting information.
Input Parms
Security Exit Input Parms Layout
Description | Position | Len | Format | Values |
---|---|---|---|---|
EXIT CALL TYPE | 1 | 1 | CHAR | A Allocation; O Open |
FUNCTION NUMBER | 2 | 1 | CHAR | For Online: 1 Browse; 2 Edit; 3 Utilities; 5 Print; 6 Edit selection criteria; 7 Edit XREF; 8 View record layout; 9 Reformat; P Compare. For Batch: 1 LIST, PRINT, DUMP, COMPARE, etc. (Browse functions); 2 UPDATE, UPDATEALL, etc. (Edit functions); 3 COPY, DROP, USER, etc. (Utilities functions); 5 XMLGEN; 9 Reformat |
SUB-FUNCTION NUMBER | 3 | 1 | CHAR | For Utilities: 1 Library; 2 Data set; 3 Copy; 4 Catalog; 5 VSAM; 6 Search/Update; 7 VTOC; 8 Interactive; 9 Batch submit; G XMLGEN. For Print: D Data set; X XREF; S Selection criteria; L Record layout; A Audit trail |
PANEL OPTION/LINE COMMAND | 4 | 1 | CHAR | |
LOGON IDENTIFIER | 5 | 8 | CHAR | |
EXECUTION TYPE | 13 | 1 | CHAR | B Batch; O Online |
FILE TYPE | 14 | 1 | CHAR | D Data file; F XREF; S Selection criteria; C Record layout; O Output PDS; A Audit file |
FILE ORGANIZATION | 15 | 2 | CHAR | AM VSAM; DA BDAM; LB Librarian; PN Panvalet; PO Partitioned; PS Sequential |
RECORD FORMAT OF FILE | 17 | 2 | CHAR | F Fixed; FB Fixed blocked; V Variable; VB Variable blocked; U Undefined |
ACCESS INTENT | 19 | 1 | CHAR | Y Open for read only. N Open for update. |
File-AID VERSION | 20 | 5 | CHAR | Version number of File-AID in use (for example, 23.01). |
ALLOCATION TYPE | 25 | 1 | CHAR | Y Data set has been allocated within a batch job via a DD statement. N Data set will be allocated online dynamically. |
USER | 29 | 4 | ADDR | User exit can store any address here and it is saved for the following calls. |
ACCOUNT | 33 | 4 | ADDR | Pointer to user accounting information. |
*** VARIABLE PORTION OF THE INTERFACE *** | | | | |
NAME 1 SET | 37 | 1 | CHAR | Y Set N Not set |
NAME 1 MODIFIED | 38 | 1 | CHAR | Y Modifiable N Not modifiable |
NAME 1 VALUE | 39 | 56 | CHAR | |
NAME 2 SET | 95 | 1 | CHAR | Y Set N Not set |
NAME 2 MODIFIED | 96 | 1 | CHAR | Y Modifiable N Not modifiable |
NAME 2 VALUE | 97 | 56 | CHAR | |
NAME 3 SET | 153 | 1 | CHAR | Y Set N Not set |
NAME 3 MODIFIED | 154 | 1 | CHAR | Y Modifiable N Not modifiable |
NAME 3 VALUE | 155 | 56 | CHAR | |
NAME 4 SET | 211 | 1 | CHAR | Y Set N Not set |
NAME 4 MODIFIED | 212 | 1 | CHAR | Y Modifiable N Not modifiable |
NAME 4 VALUE | 213 | 56 | CHAR | |
NAME 5 SET | 269 | 1 | CHAR | Y Set N Not set |
NAME 5 MODIFIED | 270 | 1 | CHAR | Y Modifiable N Not modifiable |
NAME 5 VALUE | 271 | 56 | CHAR | |
VOLSER 1 SET | 327 | 1 | CHAR | Y Set N Not set |
VOLSER 1 MODIFIED | 328 | 1 | CHAR | Y Modifiable N Not modifiable |
VOLSER 1 VALUE | 329 | 6 | CHAR | |
VOLSER 2 SET | 335 | 1 | CHAR | Y Set N Not set |
VOLSER 2 MODIFIED | 336 | 1 | CHAR | Y Modifiable N Not modifiable |
VOLSER 2 VALUE | 337 | 6 | CHAR | |
PASSWORD 1 SET | 343 | 1 | CHAR | Y Set N Not set |
PASSWORD 1 MODIFIED | 344 | 1 | CHAR | Y Modifiable N Not modifiable |
PASSWORD 1 VALUE | 345 | 8 | CHAR | |
PASSWORD 2 SET | 353 | 1 | CHAR | Y Set N Not set |
PASSWORD 2 MODIFIED | 354 | 1 | CHAR | Y Modifiable N Not modifiable |
PASSWORD 2 VALUE | 355 | 8 | CHAR | |
OPTION 1 SET | 363 | 1 | CHAR | Y Set N Not set |
OPTION 1 MODIFIED | 364 | 1 | CHAR | Y Modifiable N Not modifiable |
OPTION 1 VALUE | 365 | 1 | CHAR | |
OPTION 2 SET | 366 | 1 | CHAR | Y Set N Not set |
OPTION 2 MODIFIED | 367 | 1 | CHAR | Y Modifiable N Not modifiable |
OPTION 2 VALUE | 368 | 3 | CHAR | |
OPTION 3 SET | 371 | 1 | CHAR | Y Set N Not set |
OPTION 3 MODIFIED | 372 | 1 | CHAR | Y Modifiable N Not modifiable |
OPTION 3 VALUE | 373 | 2 | CHAR | |
END OF VARIABLES | 375 | 2 | CHAR | END DELIMITER |
FEEDBACK OF USER EXIT | 376 | 1 | CHAR | Y Allow request with no changes. M Allow request with changes. N Request rejected. |
MESSAGE ID | 377 | 8 | CHAR | Message identifier. |
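
The layout above can be decoded field by field, which is useful for reviewing what an exit was passed or for prototyping its decision logic away from the host. The Python sketch below is an added example, not one of the supplied XFASX* samples. It assumes the block is 384 bytes of EBCDIC (cp037 is an illustrative code page choice) and, because the table does not say which NAME slot carries the data set name, it checks every slot that is set. `decide`, `build_sample`, the user ID and the `PROD.PAYROLL.` prefix are hypothetical.

```python
CODEC = "cp037"   # assumption: block is EBCDIC; cp037 chosen for illustration
BLOCK_LEN = 384   # last field in the table: MESSAGE ID at position 377, length 8
FIXED = {  # name -> (1-based position, length) from the Input Parms table
    "call_type": (1, 1), "function": (2, 1), "sub_function": (3, 1),
    "logon_id": (5, 8), "execution_type": (13, 1), "file_type": (14, 1),
    "file_org": (15, 2), "recfm": (17, 2), "read_only": (19, 1),
    "version": (20, 5), "feedback": (376, 1), "message_id": (377, 8),
}

def _text(block, pos, length):
    return block[pos - 1:pos - 1 + length].decode(CODEC).rstrip()

def _slots(block, first_pos, count, value_len):
    """Each variable slot is a SET flag, a MODIFIED flag, then the value."""
    out = []
    for i in range(count):
        pos = first_pos + i * (2 + value_len)
        out.append({"set": _text(block, pos, 1) == "Y",
                    "modifiable": _text(block, pos + 1, 1) == "Y",
                    "value": _text(block, pos + 2, value_len)})
    return out

def parse_parms(block):
    if len(block) != BLOCK_LEN:
        raise ValueError(f"expected {BLOCK_LEN} bytes, got {len(block)}")
    rec = {name: _text(block, pos, n) for name, (pos, n) in FIXED.items()}
    rec["names"] = _slots(block, 37, 5, 56)     # NAME 1..5
    rec["volsers"] = _slots(block, 327, 2, 6)   # VOLSER 1..2
    return rec

def decide(rec, protected_prefixes):
    """Hypothetical policy: refuse update opens of protected data sets."""
    if rec["call_type"] == "O" and rec["read_only"] == "N":
        for slot in rec["names"]:
            if slot["set"] and slot["value"].startswith(tuple(protected_prefixes)):
                return "N"   # Request rejected
    return "Y"               # Allow request with no changes

def build_sample(call_type, logon_id, dsn, read_only):
    """Constructed test block, not captured File-AID output."""
    block = bytearray(" ".encode(CODEC) * BLOCK_LEN)
    for pos, text in ((1, call_type), (5, logon_id), (19, read_only),
                      (37, "Y"), (38, "N"), (39, dsn), (376, "Y")):
        raw = text.encode(CODEC)
        block[pos - 1:pos - 1 + len(raw)] = raw
    return bytes(block)

if __name__ == "__main__":
    rec = parse_parms(build_sample("O", "USER01", "PROD.PAYROLL.MASTER", "N"))
    print(rec["logon_id"], rec["names"][0]["value"], decide(rec, ["PROD.PAYROLL."]))
```

The PASSWORD, OPTION and END OF VARIABLES fields are left undecoded here; the same `_slots` helper covers PASSWORD 1..2 (first position 343, value length 8) if needed.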