IOA Exits

The following table describes the available IOA exits:

Table 273 IOA Exits

Exit

Description

IOAX006

This exit controls the use of the IOA Online facility.

IOAX006 and IOAX009 are twin exits. IOAX006 is invoked by the Online facility before the entry panel is displayed. (When signing on to the Online facility through the online monitor, Exit IOAX009 is invoked first, followed by Exit IOAX006. When the Online facility is used without the online monitor, only Exit IOAX006 is invoked.) These exits can be used to display a sign‑on window for users to enter their user ID and password or password phrase.

These sign-on modules determine and build the user’s identity for all subsequent actions. They both have similar structure, parameters, return codes and functionality. However, they work in different address spaces. The home address space is the primary address space requesting and receiving services from the online monitor address space using the cross‑memory facilities. Exit IOAX006 is invoked in the online monitor address space (when signing on through the online monitor). Exit IOAX009 is invoked in the home address space for the VTAM monitor, CICS, IMS, CA‑ROSCOE, and so on. The control block that represents the user’s identity accompanies the user during the entire session with the IOA Online services facility.

In the online monitor environment, the ACEE control block is stored in the user’s TCB (Task Control Block) and the OCT (Online Control Table). MVS recognizes the ACEE as a standard control block to be used for authorization checks, so task-level security is achieved. If the ACEE is not stored in the TCB, either because module IOASE06 is not implemented or because the security package does not build an ACEE (for example, ACF2 in native mode), then all authorization checks for file access are performed using the identity of the online monitor address space. When the ACEE is stored in the TCB, all authorization checks are performed using the correct user’s ACEE. If the ACEE is not built, it is quite likely that the security interface does not perform the authorization checks correctly.

MVS checks authorization for actions such as opening files by first checking if there is an ACEE in the current TCB. If it is found, authorization checks are performed using the TCB’s ACEE. If it is not found, MVS continues to search for the appropriate TCB until the ACEE associated with the address space is found.
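The fallback described above can be shown with a simplified model. This is an added example, not BMC or IOA code: the classes, the user IDs (OMONSTC, USERA, USERB), the dataset name and the permit table are constructed, and the ACEE search is reduced to a single task-then-address-space lookup.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Acee:
    user_id: str

@dataclass
class Tcb:
    session: str
    acee: Optional[Acee] = None   # set only if the sign-on exit stored a task-level ACEE

@dataclass
class AddressSpace:
    name: str
    acee: Acee                    # identity the address space itself runs under

# Constructed access rules: (user ID, dataset) pairs that are permitted.
PERMITS = {("OMONSTC", "PROD.JCLLIB"), ("USERA", "PROD.JCLLIB")}

def effective_identity(tcb, aspace):
    """Task-level ACEE wins; otherwise fall back to the address-space ACEE."""
    if tcb.acee is not None:
        return tcb.acee.user_id, "task"
    return aspace.acee.user_id, "address-space"

def may_open(tcb, aspace, dataset):
    """Authorization decision made under whichever identity was resolved."""
    user_id, _ = effective_identity(tcb, aspace)
    return (user_id, dataset) in PERMITS

def sessions_on_fallback(tcbs, aspace):
    """Sessions whose checks would run under the monitor's identity."""
    return [t.session for t in tcbs
            if effective_identity(t, aspace)[1] == "address-space"]

MONITOR = AddressSpace("OMON1", Acee("OMONSTC"))   # constructed monitor identity
SESSIONS = [
    Tcb("S1", Acee("USERA")),   # ACEE built and stored: checked as USERA
    Tcb("S2", Acee("USERB")),   # ACEE built and stored: checked as USERB
    Tcb("S3"),                  # USERB again, but no task-level ACEE was stored
]

if __name__ == "__main__":
    for t in SESSIONS:
        print(t.session, effective_identity(t, MONITOR),
              may_open(t, MONITOR, "PROD.JCLLIB"))
    print("fallback sessions:", sessions_on_fallback(SESSIONS, MONITOR))
```

Session S3 is granted access that the same user is denied in S2, because the check ran under the monitor's identity; listing fallback sessions is the corresponding audit check.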

In an environment where security is not implemented, Exits IOAX006 and IOAX009 can set the OCTUSER parameter, which is the reference parameter for all programs used as the identity of the current working user ID.

Note: When using the Online facility under CA‑ROSCOE, the IOA security interface receives the CA‑ROSCOE started task procedure and not the user’s own user ID. Therefore the user must sign on both under ROSCOE and under IOA. To avoid forcing the user to sign on twice, special routine IOARROT is provided in the IOA SAMPLE library. This routine retrieves the user ID from the corresponding CA‑ROSCOE control block and places it in IOA so that it can be used for additional security authorizations. Before calling the standard IOA security modules, routine IOARROT must be called from within the IOA Online environment. This call must be placed in an IOA user module that is invoked before modules IOASE06 and IOASE09 are called. The user modules that support CA‑ROSCOE for IOA Online facility communication are IOAX006T and IOAX009. These modules reside in the IOA SAMPEXIT library.

User Exit IOAX006T must be called when all IOA functions are performed under native CA‑ROSCOE address space.

Note: When two environments run simultaneously, both user modules are placed in the IOA LOAD library. User Exit IOAX006T is invoked in the online monitor address space as well, but cannot locate the required control blocks because there are no CA-ROSCOE control blocks in the online monitor address space. The started session abends. BMC recommends that these two modules be placed in the special IOA LOAD library that is concatenated to the STEPLIB in the CA-ROSCOE started task procedure before the IOA LOAD library.

IOAX007

This exit can be used to control update of the IOA Conditions file and the Control‑M Resources file. For further details, see the INCONTROL for z/OS Security Guide.

IOAX009

This exit controls entry to the IOA Online facility when working with the Online monitor (under CICS, VTAM, IMS/DC, TSO/ROSCOE cross memory options, COM‑PLETE and IDMS/DC).

User Exit IOAX009T must be called when CA‑ROSCOE communicates with IOA through cross‑memory services. All IOA functions are performed in the separate address space, which is the IOA Online monitor address space (OMON1).

In an environment where security is not implemented, Exits IOAX006 and IOAX009 can set a value for parameter OCTUSER, which is used by all programs as the identity of the current user ID.

For details, see the exit source for Exit IOAX009 and Exit IOAX006, and the description of Exit IOAX006 above.

IOAX012

This exit can be used to control or modify operator commands issued by utilities CTMOPR, CTDOPR and IOAOPR, by Control‑O, and by the Control‑M, Control‑D and Control‑V New Day procedures.

IOAX016

Mainframe application server exit. This exit is called when a logon request is made by Control‑D/Page On Demand. The mainframe logon user ID and password from the Control‑D/WebAccess Server Communication Setup menu are passed to the exit. This exit is provided as a dummy load module. The associated security module is IOASE016.

IOAX028

IOA definition screen exit. This exit is invoked each time the user presses the Enter or PF03/PF15 key to exit an IOA definition screen. This exit is relevant for all IOA definition screens (Screens 2, 3.Z, 8, R, M, TR, TV, TP, BM, BR, OR, and C).

IOAX029

IOA Online Sysout or Report Viewing exit. This exit is activated as part of the Online viewing facility invoked for each sysout or report line that is to be displayed on the user terminal. For example, this exit allows translation of unprintable characters. This exit also provides additional features (for example, making special data invisible on the report).

IOAX030

This exit can be used to modify email attributes (such as To, CC, or From) before sending the email text as a sysout to the JES spool.

IOAX031

IOA Log exit. This exit is invoked before a message is written to the IOA Log file. The exit can be used to write the message on other files (SMF, and so on) or to accumulate message statistics.

IOAX032

This exit is invoked in all IOA panels each time an IOA user attempts to perform an operation on a PDS library or member in a PDS library. This exit can deny operations such as accessing a library, listing its directory and browsing, editing or saving a member. The exit is invoked when a user requests to edit JCL members or documentation data through Control‑M/Enterprise Manager. The exit checks authorization and either grants or denies the Edit (or Save) request prior to the performance of these operations by the Control‑M Application Server (CTMAS).

This exit can also be used to enable ‘Forced Browse’ of an IOA PDS member by denying the user Edit authority, but granting the user View (Browse) authority for the requested library or member.

IOAX034

Receives control for every message issued by the IOA Shout facility. This exit can modify the message text, change its destination, or suppress it. This exit can be activated by the Control‑O monitor, the Control‑M monitor or an IOA Functional monitor (used with Control‑M/Tape).

IOAX035

IOA Account Information Extraction exit. This exit is invoked by an INCONTROL product whenever account field information is required. Exit IOAX035 can extract the requested information from different parts of the account field depending on site customization. The exit can be invoked by CDAM when writing directly to a CDAM file, by Control‑D when decollating from a spooler, by Control‑M/Tape when a job’s account field is copied to the Media Database, and so on.

IOAX036

IOA Access Method (IOAAM) exit. This exit is invoked whenever program IOADBF is executed, both as an independent utility program and when called internally by IOA Access Method I/O routines. This exit can check for which function it is being called and either grant or deny the request.

IOAX037

IOA translation exit. This exit contains four 256‑byte translation tables for the IOA online routines. This exit can be used to translate IOA screens to any language supported at the site. In addition, it can implement upper casing, special character sets and other capabilities.

IOAX038

IOA Functional monitor exit. This exit is invoked before writing a request to the Functional monitor queue. The return code of the exit determines whether the request is or is not written. For performance reasons, Exit IOAX038 in the IOA LOAD library is a dummy exit.

IOAX039

IOA Page Separating exit. This exit is invoked during the creation of a CDAM file by a Control‑D decollating mission or during direct writing to a CDAM file by a job. The exit can control page separation in a CDAM file being created.

IOAX040

IOA Utilities Invocation exit. This security exit is invoked by certain IOA utilities to

  • determine whether the user is authorized to use the utility program
  • determine whether the user is authorized to perform specific functions of the utility
