The security exit is used by the Adabas Audit Data Retrieval started task to protect access to resources within Adabas Audit Data Retrieval.
Each time a function is called within Adabas Audit Data Retrieval, the security exit creates a RACF entity, which is then checked against the best-matching profile defined in RACF in the class $BETA. The security exit is not called directly by the started task, but via the security router (BST00STH). After the security exit has successfully generated the entity, the security router executes the RACROUTE.
The installed security exit module B97UXSEC is fully functional. During subsystem initialization, this module is installed in the ECSA.
The sample security exit is provided in source form and can be modified (see "B97UXSEC: Security exit").
Each entity generated by the security exit includes:
This makes it possible to protect Adabas Audit Data Retrieval resources at different levels:
Using generic profile definitions makes it possible to allow or deny access to entire groups of Adabas Audit Data Retrieval functions or resources.
The Adabas Audit Data Retrieval security exit is started task dependent. This means that different security rules can be defined for each Adabas Audit Data Retrieval subsystem.
For example, you can deactivate all security checking in a test system by making its started task use IEFBR14 as its security module. At the same time, you can protect your Adabas Audit Data Retrieval production system against unauthorized access by making that started task use the security module B97UXSEC.
Access to Adabas Audit Data Retrieval resources and functions is controlled via SAF (System Authorization Facility) calling conventions using RACF (Resource Access Control Facility). If your installation does not support resource access through the SAF interface, modify the sample exit program to meet your security requirements.