$Sir_Check_Access
Provide interface to an external authorizer
The $Sir_Check_Access function allows installations to code sophisticated interfaces between Model 204 applications and a System Authorization Facility such as RACF or ACF2. $Sir_Check_Access lets a system security administrator maintain controls over "data set names" that identify intended application actions. By calling the function at strategic points, a SOUL program can provide security with arbitrary granularity.
Note: Use of this function requires purchase of the SirSafe add-on product.
Syntax
%rc = $Sir_Check_Access(dsn, prefix, access, log)
Syntax terms
%rc | A numeric return code. | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
dsn | An uppercase "data set name," following the usual rules.
Note: If a prefix is provided, the prefix is concatenated to the beginning of dsn with a separating period (.), and the resulting string length must be less than 44 characters. | ||||||||||||||||||
prefix | A string indicating whether the provided data set name is to be prefixed. Valid values are:
| ||||||||||||||||||
access | Flag indicating desired access: R for read, or W for write. The default is R . | ||||||||||||||||||
log | Flag indicating whether failed access checks should be logged: Y or N . The default is N , which suppresses logging. |
Return codes
$Sir_Check_Access returns an integer value, as follows:
2 | No authorizer running, call ignored |
---|---|
1 | Access not allowed |
0 | Access allowed |
-1 | Resulting dsname (prefix.dsname) invalid |
-2 | Prefix argument invalid |
-3 | Read/write flag invalid |
-4 | Log/nolog flag invalid |