RACF database initialization utility program (IRRMIN00)

This utility initializes a RACF® database, and updates the database copy and the in-storage copy of the database templates. You can use it in three ways:

Use PARM=NEW to initialize a new, empty database.
Use PARM=UPDATE to update an existing database with a new set of RACF templates.
Use PARM=ACTIVATE to replace the in-storage templates with a new set of RACF templates.

For information on templates, including information about how to apply them to your system when they are updated by a new release or PTF, see Database templates.

If you have split your database, you must run IRRMIN00 against each data set defined in your data set name table (ICHRDSNT). If you have a backup database, you must also run IRRMIN00 against each data set in the backup database.

You can use the SET LIST command to display the level of the templates that your system is using. The level information consists of a 7-character FMID or APAR level, followed by a space, followed by an 8-digit release level and an 8-digit APAR level. The 8-digit release level and the 8-digit APAR level are separated by a period (rrrrrrrr.aaaaaaaa). Each new RACF release increments the release level, and each APAR that ships templates increases the APAR level. The IRRMIN00 utility uses this level information to determine the relationship between different copies of the templates on the system. In the following SET LIST output, HRF7708 is the FMID of the RACF release, 00000020 is the 8-digit release level, and 00000010 is the 8-digit APAR level.

RACF STATUS INFORMATION:
         TEMPLATE VERSION          - HRF7708 00000020.00000010
         DYNAMIC PARSE VERSION     - HRF7708

When comparing templates to determine which is the most recent, RACF first compares the 8-digit representations of their release levels. The templates having the highest release level are considered to be the latest. If the release levels are the same, RACF compares the 8-digit representations of the APAR levels, and the templates having the highest APAR level are considered to be the latest. For templates earlier than FMID HRF7708, which do not have 8-digit representations of the release level and APAR level, the release level and APAR level are each assumed to be 00000000. Note that RACF does not consider the 7-character FMID or APAR level when comparing the templates.

If you install a new release of RACF or a PTF that requires a re-IPL and contains an update to the RACF templates (shipped in CSECT IRRTEMP2), you should first run the latest version of IRRMIN00 with PARM=UPDATE to write the templates from IRRTEMP2 to the RACF database. Then do the required re-IPL. During the IPL, RACF initialization builds the in-storage templates from the updated database templates. If you were installing a new release, remember to include a STEPLIB to the new SYS1.LINKLIB in your JCL for IRRMIN00 PARM=UPDATE.

Note: If you do not run IRRMIN00 to update your database before you re-IPL, RACF initialization determines that the database does not have the latest level of the templates, ignores the templates in the database, and automatically uses the latest templates shipped in the CSECT IRRTEMP2. However, until you run IRRMIN00 you might get error messages from IRRUT200 or BLKUPD during some operations, and the RACF database unload utility will not unload new fields. Also products that read the database directly and process the database template blocks will have problems with profile information related to the new templates.

If you install a PTF that contains an update to the RACF templates but does not require a re-IPL (because all the modules in the PTF reside in LINKLIB), first run IRRMIN00 with PARM=UPDATE to update the database templates. Then run IRRMIN00 with PARM=ACTIVATE to have RACF replace the in-storage templates with the database templates. An IPL is not required.

You do not have to enable RACF in order to run IRRMIN00 with PARM=NEW or PARM=UPDATE.

Attention:

If RACF is enabled for sysplex communication, whenever you need to run IRRMIN00 against a database that is active on a system that is a member of the RACF data sharing group, always run the utility from a system in the group. If you do not, you might damage your RACF database, or receive unpredictable results from the utility.
When IRRMIN00 JCL includes a STEPLIB other than SYS1.LINKLIB, it must be an APF-authorized library.
The IRRMIN00 JCL must specify the real name of the data set; do not specify an alias.
If you are sharing a database between systems at different levels, only run the latest level of IRRMIN00. For example, if a z/OS® V1R8 system is sharing a database with a z/OS V1R7 system, only run the V1R8 version of IRRMIN00. You can run the utility either on the V1R8 system, or on the V1R7 system using JCL that includes a STEPLIB to an APF-authorized library that contains the V1R8 version of IRRMIN00.

The ADDCREATOR and NOADDCREATOR keywords on the SETROPTS command determine whether RACF adds the user ID that creates a profile to the access list for the profile. The initial setting of these keywords depends on whether your database is new or old. If you run IRRMIN00 with PARM=NEW, the initial setting is NOADDCREATOR. If you run IRRMIN00 with anything other than PARM=NEW, RACF retains the current value of ADDCREATOR or NOADDCREATOR. For compatibility and migration reasons, ADDCREATOR is the default if no prior specification of ADDCREATOR or NOADDCREATOR has occurred. For more information on the ADDCREATOR and NOADDCREATOR keywords on the SETROPTS command, see z/OS Security Server RACF Command Language Reference.