I am trying to understand how document level permission exit does work with ESM. I see for Cabinet, Folder & AG we have associated RACF class defined in ESM and the RACROUTE call populates the corresponding resource name to be protected and get it validated against the ESM. But for documents, the manual does not state any resource class to be defined. Do we need to define any resource class for document level access? If it is not required then how CMOD understands which all documents the user has access. The IBM supplied sample ARSUSECZ module, it seems it allows access to all the documents. Any inputs on this are appreciated. Thank you !!
