z/OS Security Server RACF System Programmer's Guide


Using IRRUT200

SA23-2287-00

RACF sysplex data sharing: The following discussion about running the IRRUT200 utility refers to the use of RESERVE to serialize access to a RACF® data set while the utility is processing. For RACF sysplex data sharing, if RACF is enabled for sysplex communication and is operating in data sharing or read-only mode, RACF uses ENQ instead of RESERVE.
There are four ways to run IRRUT200:
  1. SYSUT1 is specified, SYSRACF is specified, PARM=ACTIVATE is not specified

    If you specify a work data set on the SYSUT1 DD statement, IRRUT200 RESERVEs the RACF data set specified on the SYSRACF statement and copies it to the work data set. After IRRUT200 has copied the data set specified on the SYSRACF statement from the RACF database to the work data set, IRRUT200 releases the RESERVE on the RACF data set.

    IRRUT200 then uses the copy to find inconsistencies, and creates a printout identifying them.

    The space you specify on your SYSUT1 DD statement must be the same size as that of your RACF data set. The data set that you specify for SYSUT1 cannot be the same data set as the one specified for SYSRACF, and cannot be an active data set on the system on which the utility is running.

    Note:
    1. This method serializes against the RACF data set only during the copy phase, which is much shorter than the verification phase.
    2. At no time is there a RESERVE on the work data set.
  2. SYSUT1 is not specified, SYSRACF is specified

    If you do not specify a work data set on the SYSUT1 DD statement, IRRUT200 RESERVEs the RACF data set specified on the SYSRACF statement until IRRUT200 completes its processing. IRRUT200 then creates a printout identifying the inconsistencies it found.

    Note: If the RACF data set contains a large number of profiles, the data set might be RESERVEd for a long period of time while the verification is being done.
  3. SYSUT1 is specified, SYSRACF is not specified

    If you specify only a work data set on the SYSUT1 DD statement, and do not specify a SYSRACF DD statement, IRRUT200 assumes that a copy of the RACF data set exists in the work data set specified. It is normal to get the informational message, IRR62064, warning you that serialization is not held by the IRRUT200 utility during the verification of the work data set.

    Note: The work data set (SYSUT1) can name an active RACF data set. However, because no serialization is held against the work data set, database updates can be performed against the active RACF data set. IRRUT200 might indicate RACF data set errors that are not really errors. Either repeat the procedure during a time period when no updates will be made to the RACF data set, or use one of the first two methods to verify the RACF data set.
  4. SYSUT1 is specified, SYSRACF is specified, PARM=ACTIVATE is specified

    If you specify PARM=ACTIVATE, SYSRACF is an in-use active primary RACF data set and SYSUT1 is the corresponding in-use inactive backup data set. RACF copies SYSRACF to SYSUT1 under serialization, and activates SYSUT1 before releasing the RESERVE. IRRUT200 diagnostics do not run, and SYSIN and SYSPRINT are ignored.

    For information regarding the ACTIVATE parameter and sysplex communications mode, see the information on the EXEC statement in Input and output for IRRUT200.

    Guideline: Run IRRUT200 using one of the first 3 methods before you run with PARM=ACTIVATE, to verify the primary RACF data set.

    Note: When PARM=ACTIVATE is specified with SYSUT1, the data set must be cataloged prior to running this job step. The data set can be created and cataloged in an IEFBR14 job step prior to this job step.

If a RACF data set is RACF-protected, you must have at least Read authority to access the data set. IRRUT200 runs as an APF-authorized program.

When running the IRRUT200 utility under a TMP (terminal-monitor program) that allows multitasking, you cannot have any other active task in your session. Allow IRRUT200 to complete before executing any other TSO command.

IRRUT200 loads a copy of the class descriptor table (CDT) supplied by IBM® (ICHRRCDX) and the installation-supplied class descriptor table (ICHRRCDE). If you have not created ICHRRCDE, ignore any system messages (for example, CSV003I) telling you that it has not been found.
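
As an added example (not part of the IBM documentation), the following Python sketch classifies a job's IRRUT200 step into one of the four ways listed above from its DD statements and PARM value, and reports the serialization behavior that way implies. The function names, the simplified JCL parsing, and the sample data set names are assumptions made for illustration.

```python
import re

# What each of the four ways to run IRRUT200 means for serialization (from the text above).
METHODS = {
    1: "RESERVE held on SYSRACF only while it is copied to SYSUT1",
    2: "RESERVE held on SYSRACF until IRRUT200 completes",
    3: "no serialization held (IRR62064 expected); reported errors may not be real",
    4: "SYSRACF copied to SYSUT1 under serialization, SYSUT1 activated, no diagnostics",
}

def parse_step(jcl):
    """Return (activate, {ddname: dsname or None}) for the IRRUT200 step.
    Simplified: continuation lines and concatenated DDs are not handled."""
    activate, dds, in_step = False, {}, False
    for line in jcl.splitlines():
        m = re.match(r"//(\w+)\s+(EXEC|DD)\s+(.*)", line)
        if not m:
            continue  # JCL comments (//*), in-stream data, delimiters
        name, op, operands = m.groups()
        if op == "EXEC":
            in_step = re.search(r"\bPGM=IRRUT200\b", operands) is not None
            if in_step:
                activate = re.search(r"\bPARM='?ACTIVATE\b", operands) is not None
        elif in_step:
            dsn = re.search(r"\bDSN(?:AME)?=([^,\s]+)", operands)
            dds[name] = dsn.group(1) if dsn else None
    return activate, dds

def classify(jcl):
    """Return (method 1-4 or None, finding) for a job that runs IRRUT200."""
    activate, dds = parse_step(jcl)
    has_ut1, has_racf = "SYSUT1" in dds, "SYSRACF" in dds
    if has_ut1 and has_racf and dds["SYSUT1"] and dds["SYSUT1"] == dds["SYSRACF"]:
        return None, "SYSUT1 cannot be the same data set as SYSRACF"
    if has_ut1 and has_racf:
        method = 4 if activate else 1
    elif has_racf:
        method = 2
    elif has_ut1:
        method = 3
    else:
        return None, "neither SYSRACF nor SYSUT1 is specified"
    return method, METHODS[method]

# Constructed sample step; the data set names are placeholders.
SAMPLE = """//VERIFY   EXEC PGM=IRRUT200
//SYSUT1   DD DSN=RACF.WORKCOPY,DISP=OLD
//SYSPRINT DD SYSOUT=*
"""
print(classify(SAMPLE))  # method 3: work copy verified without serialization
```

A check like this can run over submitted JCL before a job is released, so that a step that would hold the RESERVE for the whole verification (method 2) or verify without serialization (method 3) is a deliberate choice.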





Copyright IBM Corporation 1990, 2014