The customer is using a modified SARSECUX exit, to be able to use external security with a View database.

Eventually, the customer will translate the current security to CHA1VIEW, but it will depend on the implications. 

What should be the method used?

Release : 14.0

Component : CA View

Where another customer had View sysout groups (reports) defined as subgroups and dataset profiles in RACF, they needed to use the PERMIT command. 

In RACF, using discrete dataset profiles to protect reports was an older method of security, whereas using a more general resource class is preferable. 

In View, the use of resource classes is with use of CHA1VIEW. 

A modified SARSECUX exit (from CVDEOPTN(SARSECU1) as source) is security done with pseudo-dataset rules. 

The modified exit in r14.0 would be the same as the modified exit in r12.2.