I need to write an exit to see if users are allowed to logon to this LPAR. I need to send a message when they are not allowed to logon and abort the logon.

book

Article ID: 14914

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



What do I need to setup to be able to stop a user from logging on to a particular lpar.

I want to give him a new message that explains why he is not allowed to logon to that system

Environment

Release: ACF2..001AO-16-ACF2
Component:

Resolution

I would recommend that you use the SEVPOST exit. (System Entry Validation Postprocessing Exit)

If you need to see data from the logonid record use field SXPORECA in ACFSFXP parameter list.
The ACVALD parameter block is addressed by field SXPFRBA in ACFSFXP parameter list.


If you are setting a message you should set  SXPFXMSG (x'80') in SXPFLAG2.
Also the message should be moved to ACVMSG address passed in the ACVALD.
And ACVSMSG (x'04') should be set in ACVRFLG in ACVALD.

The format of message should be llll0000message

where llll is halfword length of message plus 4 bytes for header.

So if you want  "ABC1234 access prevented by system security" to be the message sent to user ,
the format of the message area passed in ACVMSG is ..

x'0034' x'0000' c'ABC1234 access prevented by system security'

If you just set Return code 8 and do not need a message - the user will receive message
ACF01035 SEVPOST EXIT FAILED REQUEST