RACROUTE



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

RACROUTE

Postby vanz_4u » Tue Jan 11, 2011 10:22 am

Wat is RACROUTE??
Wat is it used for??
vanz_4u
 
Posts: 18
Joined: Thu Nov 04, 2010 9:11 pm
Has thanked: 0 time
Been thanked: 0 time

Re: RACROUTE

 

Re: RACROUTE

Postby dick scherrer » Tue Jan 11, 2011 11:16 am

Hello,

Stop using chatroom slang or your posts/replies will be deleted.

There are already major communication problems due to language issues and the inability of many to clearly post questions/replies. Having people use slang just takes away from the quality of the forum. If you read lots of topics on our forum or others, you will notice that slang is not used by the people who provide the most help.

As far as RACROUTE suggest you find the Security Server RACROUTE Macro Reference manujal and read about this.
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6304
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 91 times

Re: RACROUTE

Postby vanz_4u » Tue Jan 11, 2011 12:34 pm

sorry 4 d use of such slang.... thanx 4 d suggestion
vanz_4u
 
Posts: 18
Joined: Thu Nov 04, 2010 9:11 pm
Has thanked: 0 time
Been thanked: 0 time

Re: RACROUTE

Postby steve-myers » Tue Jan 11, 2011 1:10 pm

RACROUTE is an Assembler macro used to interface with the security system for a wide variety of functions such as verifying that a user can access some system resource such as a dataset. The macro itself is quite complex and difficult for a inexperienced Assembler programmer to use. For better or worse, I believe all RACROUTE functions require the caller to be APF authorized.

Both a weakness and a strength of RACROUTE is it very oriented in its definition to the capabilities of the RACF security product. Non RACF system products must translate RACROUTE calls to their security system primitives, which does not always work smoothly. Security products that have primitives that cannot be translated to RACF terms are left out in RACROUTE.

Still, almost all primitive security system interfaces that reasonable programs require can be expressed in RACROUTE, though if my memory is correct RACROUTE cannot be used for tasks like defining a user or system resource for the security system.

Back in the days when I did product support we had a customer that was trying to use RACROUTE in a well defined exit in the product I supported. This customer screwed it up big time; the exit was getting an S0C4 and the customer could not figure out his problem. I rewrote their exit to implement their use of RACROUTE correctly; a major effort which went far beyond something support should do for a customer.

Long before that a shop where I worked was doing ICHINTxx calls (these are RACF primitive macros) in the JES2 main task, which is supposed to be a no no. Once or twice a year this junk locked up the entire JES2 MAS. It was always a major effort to determine the system to IPL to clear the problem. I translated the ICHINTxx calls to RACROUTE and did the actual RACROUTE call in a JES2 subtask, the way it is supposed to be done, and that solved that problem, though I cannot recall if that code was removed as part of a major cleanup demanded by a security consultant.
steve-myers
Global moderator
 
Posts: 1885
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 197 times


Return to Mainframe Security