z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACF virtual storage requirements

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

This table summarizes which functions give control to specified RACF® exit routines.

Figure 1 is a storage map for RACF. Table 1 gives virtual storage requirements for RACF.

Figure 1. RACF storage use
RACF storage use
Table 1. RACF estimated storage usage
Storage subpool Usage How to estimate size
FLPA RACF service routines, if IMS™ or CICS® is using RACF for authorization checking 47,000
RACROUTE REQUEST=FASTAUTH and ICHRTX00 exits Measure by using AMBLIST
PLPA RACF installation exits that are AMODE(24) or AMODE(ANY) Measure by using AMBLIST
RACF RMODE(24) code 750
RACF service routines, if IMS or CICS is not using RACF for authorization checking, unless explicitly removed from SYS1.LPALIB and placed elsewhere for use in FLPA 47,000
RACROUTE REQUEST=FASTAUTH and ICHRTX00 exits Measure by using AMBLIST
RACF range table 4 + (number_of_ranges × 45)
EPLPA RACF installation exits that are AMODE(31) Measure by using AMBLIST
RACF resident modules above 16MB 875,000
SQA RACF communications vector table and extension 2800
Class descriptor table (CNST) 7500 + 58 × number_of_static_installation-defined_classes
ESQA RACF data sharing control area 300 (when enabled for sysplex communication)
RACF token table 2408 bytes (when enabled for sysplex communication)
Class descriptor table (CNSX) (number_of_classes_IBM_supplies × 28) + (number_of_static_installation-defined_classes × 58) + 26

For z/OS® V2R1, IBM® supplies 233 classes, so the size of the CNSX is 6550 + (number_of_static_installation-defined_classes × 58). If you install a PTF that adds classes, you must recalculate this number.
RACF identity cache communication vector (RCVI) 6880
LSQA ACEE and related storage
Note:
  1. Applications can place this storage in a different subpool.
  2. Applications can create multiple ACEEs in this and other storage subpools.
 400 + installation_data_length + terminal_installation_data_length+ application_installation_data + (52 for every 78 temporary data sets, rounded up to the next multiple of 52)

If the address space was dubbed a z/OS UNIX process, add: 52 + (number_of_connected_groups_with_GIDs × 4)

Add 112 bytes if the user has CLAUTH for a class with a POSIT value over 127.

If the user is identified by an identity context reference, add: 40 + length_of_authenticated_user_name + length_of_registry_name + length_of_host_name + length_of_authentication_mechanism_OID. The maximum value of the sum is 949.
ELSQA Connect group table 64 + (48 × number_of_groups_connected)
RACF storage tracking table 3500
RACROUTE REQUEST=LIST profiles
Note: Applications can place these profiles in a different storage subpool.
 2108 + (number_of_profiles_in_class × 16) + (number_of_unique_generic_profile_prefix_lengths × 24) + (number_of_generic_profiles × 4) + (number_of_resident_profiles × (10 + average_profile_size + (1.5 × class_max_profile_name_size))) for each class if GLOBAL=YES is not specified
CSA RACF database control structures (DCB, DEB, templates) 4600 + (number_of_BAM_blocks × 6) + (364 x number_of_RACF_primary_data_sets)
RACF subsystem control blocks 3500
ECSA RACF data set descriptor table and extension 168 + (896 × number_of_RACF_primary_data_sets)
RACF ICB (non-shared DB) 4096 per RACF database if the database is not shared and is not on a device marked as shared, 0 otherwise
RACF global access tables 27,640 + 2 × (18 + number_of_entries × (6 + (1.5 × max_profile_name_size)))
RACF program control table 28 + (number_of_program_profiles × average_program_profile_size) + (number_of_controlled_libraries × 50)

To find the average_program_profile_size, use the following formula:

54 + (average_number_of_access _entries × 9) + (average_number_of _conditional_access_entries × 17) + (average_number_of_libraries × 52)
RACF resident data blocks For each primary data set: 3248 + (4136 × number_of_database_buffers) If you are using sysplex communication, for each backup data set add: 3248 + (4136 × number_of_database_buffers × 2)
Dynamic parse tables 92,835 + (number_of_custom_field_definitions x 500)
SETROPTS GENLIST profiles 52 + (number_of_profiles_in_class × 16) + (number_of_resident_profiles × (10 + average_profile_size + (1.5 × class_max_profile_name_size)))
Alias-related template extension 1296
RACF program verification module (IRRPVERS) 500,000
User private below 16MB RACF transient storage 122 bytes while a RACF service is running
User private above 2G Generic profile memory objects Minimum of 2 MB for each generic profile list in use for the address space
Note:
  1. Large profile lists (containing thousands of profiles) might require 3 MB or more each.
  2. This storage is not subject to the MEMLIMIT of the job and does not reduce the amount of storage available for the user's use.
Parent topic: Storage estimates

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014