z/OS Security Server RACF System Programmer's Guide


Using generic profiles

SA23-2287-00

In each address space, RACF® keeps lists of generic profiles that have been referenced. Each list comprises one DATASET high-level qualifier, or one general resource class based on the value of KEYQUAL in the class descriptor table (CDT) entry for that class (assuming the class is not RACLISTed in some way). By default, RACF keeps four lists, but you can use the RACF SET command with the GENERICANCHOR operand to specify that RACF keep a larger number of lists.

The KEYQUAL value in the class descriptor table (CDT) entry for a class specifies the number of matching qualifiers that RACF uses when loading generic profile names to satisfy an authorization request if a discrete profile does not exist for the resource. For example, if the value of KEYQUAL is 2, all generic profile names whose two highest-level qualifiers match the two highest-level qualifiers of the entity name are loaded into the user's storage when the user requests access to a resource. If the value of KEYQUAL is 0, profile names for the entire class are loaded and searched. You specify the number of key qualifiers for a class when you define the class. For more information about key qualifiers, see the description of the KEYQUAL operand on the ICHERCDE macro in z/OS Security Server RACF Macros and Interfaces or the description of the KEYQUALIFIERS operand on the RDEFINE command in z/OS Security Server RACF Command Language Reference.

RACF keeps the lists in 64-bit memory objects. The GENERICANCHOR settings for the system or a job and the number of generic profiles in the referenced non-RACLISTed classes or data set high-level qualifiers determine the amount of storage RACF uses. The user's or job's MEMLIMIT does not restrict the amount of storage that RACF uses for the lists.

When RACF needs to reference a set of generic profiles that is not present in the address space, and the maximum number of generic profile lists has been loaded for the address space, RACF deletes the oldest list and replaces it with the new list. The performance impact of doing this can be especially important during the OPEN for a concatenated DD statement. If possible, group data sets with the same high-level qualifier together in the concatenation, so that RACF does not need to read the same list of generics multiple times. Also, consider using global access checking for commonly referenced data sets, because RACF does not need to use the generic profiles if the access is granted by global access checking. Increasing the number of lists can improve performance when an application references more than four different data set high-level qualifiers or general resource classes. However, increasing the number of lists can increase the amount of virtual storage used, especially if you have many profiles for one or more of the resource classes or high-level qualifiers.
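The following Python model is an added illustration, not IBM code or part of the original guide; it counts how many generic profile list loads a concatenation causes under the replacement behavior described above. It assumes "oldest" means the list that was loaded first, models global access checking as a set of exact data set names, and uses constructed data set names (APPA through APPE).

```python
from collections import OrderedDict

DEFAULT_ANCHORS = 4  # default number of lists per address space, per the guide


def hlq(dsname):
    """Return the high-level qualifier of a data set name."""
    return dsname.split(".", 1)[0].upper()


def count_list_loads(concatenation, anchors=DEFAULT_ANCHORS, global_access=()):
    """Count generic profile list loads while opening a concatenation.

    Assumption: the list deleted when all anchors are in use is the one
    that was loaded first. Names in global_access are treated as granted
    by global access checking, so no generic list is needed for them.
    """
    resident = OrderedDict()  # HLQ -> True, kept in load order, oldest first
    granted = {d.upper() for d in global_access}
    loads = 0
    for dsn in concatenation:
        if dsn.upper() in granted:
            continue  # access granted without using generic profiles
        key = hlq(dsn)
        if key in resident:
            continue  # list for this HLQ is already in the address space
        if len(resident) >= anchors:
            resident.popitem(last=False)  # delete the oldest list
        resident[key] = True
        loads += 1  # each load may mean I/O to the RACF database
    return loads


# Constructed sample: two data sets under each of five HLQs.
HLQS = ["APPA", "APPB", "APPC", "APPD", "APPE"]
INTERLEAVED = [f"{q}.LOAD{n}" for n in (1, 2) for q in HLQS]
GROUPED = sorted(INTERLEAVED, key=hlq)  # same data sets, grouped by HLQ

if __name__ == "__main__":
    print("interleaved, 4 lists:", count_list_loads(INTERLEAVED))
    print("grouped, 4 lists:    ", count_list_loads(GROUPED))
    print("interleaved, 5 lists:", count_list_loads(INTERLEAVED, anchors=5))
    print("APPE via global access:",
          count_list_loads(INTERLEAVED,
                           global_access=["APPE.LOAD1", "APPE.LOAD2"]))
```

With five high-level qualifiers and four lists, the interleaved order reloads a list for every data set, while grouping, a larger GENERICANCHOR value, or global access checking for one qualifier each bring the count down to one load per qualifier still in use.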

When RACF loads the list of generic profile names, significant I/O to the RACF database might occur. Therefore, the number of generic profiles within a data set high-level qualifier or general resource class should be kept as small as practical, which might suggest the use of discrete profiles instead of generics. The performance of generics in RACF is optimized for the average case, where each generic profile protects several (possibly many) resources.





Copyright IBM Corporation 1990, 2014