I need to write an exit to see if users are allowed to logon to this LPAR. I need to send a message when they are not allowed to logon and abort the logon.

Document ID : KB000014914
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

What do I need to setup to be able to stop a user from logging on to a particular lpar.

I want to give him a new message that explains why he is not allowed to logon to that system

Answer:

I would recommend that you use the SEVPOST exit. (System Entry Validation Postprocessing Exit)

If you need to see data from the logonid record use field SXPORECA in ACFSFXP parameter list.
The ACVALD parameter block is addressed by field SXPFRBA in ACFSFXP parameter list.


If you are setting a message you should set  SXPFXMSG (x'80') in SXPFLAG2.
Also the message should be moved to ACVMSG address passed in the ACVALD.
And ACVSMSG (x'04') should be set in ACVRFLG in ACVALD.

The format of message should be llll0000message

where llll is halfword length of message plus 4 bytes for header.

So if you want  "ABC1234 access prevented by system security" to be the message sent to user ,
the format of the message area passed in ACVMSG is ..

x'0034' x'0000' c'ABC1234 access prevented by system security'

If you just set Return code 8 and do not need a message - the user will receive message
ACF01035 SEVPOST EXIT FAILED REQUEST