Template:$Sir Check Access
The $Sir_Check_Access function allows installations to code sophisticated interfaces between Model 204 applications and a System Authorization Facility such as RACF or ACF2. $Sir_Check_Access lets a system security administrator maintain controls over "data set names" that identify intended application actions. By calling the function at strategic points, a SOUL program can provide security with arbitrary granularity.
Note: Use of this function requires purchase of the SirSafe add-on product.
Syntax
%rc = $Sir_Check_Access(dsn, prefix, access, log)
Syntax terms
| %rc | A numeric return code. | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dsn | An uppercase "data set name," following the usual rules.
Note: If a prefix is provided, the prefix is concatenated to the beginning of dsn with a separating period (.), and the resulting string length must be less than 44 characters. | ||||||||||||||||||
| prefix | A string indicating whether the provided data set name is to be prefixed. Valid values are:
| ||||||||||||||||||
| access | Flag indicating desired access: R for read, or W for write. The default is R. | ||||||||||||||||||
| log | Flag indicating whether failed access checks should be logged: Y or N. The default is N, which suppresses logging. |
Return codes
$Sir_Check_Access returns an integer value, as follows:
| 2 | No authorizer running, call ignored |
|---|---|
| 1 | Access not allowed |
| 0 | Access allowed |
| -1 | Resulting dsname (prefix.dsname) invalid |
| -2 | Prefix argument invalid |
| -3 | Read/write flag invalid |
| -4 | Log/nolog flag invalid |