Optim™ includes a mechanism that allows you to use a custom exit to apply an additional layer of security to Optim, beyond the extensive security already included in the product, to meet any security requirements mandated by your company or government regulations. This additional security layer is accomplished through a client-supplied exit that identifies who can use Optim and the executables that each user can run.
Client-supplied exits are called user-supplied exits in Optim to differentiate them from the default exit supplied with Optim. The Optim default exit allows all requests by all users, within the security limitations defined for each user or user group using the security functionality included in Optim.
The default exit is intended for clients who do not need to use a user-supplied exit, although it may also be used temporarily until you create your own, customized exit. If you use the default exit, Optim user security functions as it did prior to release 6.5.
If you implement a user-supplied exit, that exit will augment the extensive security functionality already included in Optim.
Regardless of the exit you use (i.e., the default exit or your own exit), you must “sign” that exit before you can use Optim. After the exit is signed, Optim will invoke the exit at initialization and call it at various “exit points” in the program to determine whether Optim should continue with what it was about to do. An exit point is a point within a program at which an exit routine can take control to do some external function. The exit allows you to:
Optim will call the exit at each exit point to verify that the user's request meets your company standards, such as verifying that the user has permission to run a given executable. The first exit point occurs when the user launches Optim. If you use the exit to provide external security, that exit point determines whether the user has permission to access the product. If the user has the appropriate permissions, the user can continue; if not, Optim will terminate the user's session after displaying an appropriate error message. (See the Optim Initialization Exit Programmer's Guide for a complete list of the Optim exit points.)
Beginning with Optim release 6.5, a "signed" exit must exist to use Optim, whether the exit is the Optim default exit or a user-supplied exit. To sign an exit, you must enter the “company credentials” supplied to your organization when you received Optim. Your company credentials consist of your Optim-supplied company ID, Name, and Password. The Optim setup process will automatically request these credentials during installation, so you can sign an exit.
The method of signing an exit in a Windows environment differs from the method used in a UNIX environment:
The Optim default exit is delivered unsigned to ensure: