z/OS Security Server RACF Auditor's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


How the XML tag names are derived

z/OS Security Server RACF Auditor's Guide
SA23-2290-00

The names of the tags and the syntax of the tags are defined by XML schema document. The schema can be used to validate the data contained in an XML document. The tags appear in the order described by the schema documents. The schema document for RACF® can be found in Sys1.Samplib(IRRSCHEM).

In general, the tag names used in RACF are derived from the corresponding DB2® field names. The rules for converting a field name to a tag name are:
  1. Remove the column name and the first underscore (“_”) from the field name
  2. Capitalize the first letter after each of the remaining underscores in the name. The rest of the characters should be lowercase.
  3. Remove the underscores from the name
The exceptions to this methodology are as follows:
Table 1. XML naming exceptions
DB2 Field Name XML Tag Name
RINI_TERM riniTerm
SECL_LINK eventLink
CAUD_REQUEST_WRITE caudRequestWrite
CAUD_REQUEST_READ caudRequestRead
CAUD_REQUEST_EXEC caudRequestExec
SSCL_OLDSECL oldSecl
<col>logstring logstr
KTKT_PRINCIPAL kerbPrincipal
PDAC_PRINCIPAL pdasPrincipal
any field with RESERVED in the name
Note: no XML tag
ACC_NAME profileName
APPC_NAME profileName
XML interprets certain characters as having a special meaning, such as "<" and ">". If a value contains one of these special characters, which are listed in Table 3, SMF Unload replaces the value with an “entity reference” so that it will not be misinterpreted by an XML parser. Here is an example:
Table 2. XML interpretation of special characters example
Before Value After Value
<subjectDN>cn=John,ou=Smith & Sons,c=us</subjectDN> 
&lt;subjectDN&gt;cn=John,ou=Smith &amp;
 Sons,c=us,&lt;subjectDN&gt;
The special characters are:
Table 3. XML special characters substitutions
Character Substitution symbol
< 
&lt;
& 
&amp;
> 
&gt;
 
&odq;
' 
&apos;

It is possible for a single element or value in the XMLOUT or XMLFORM to cause the length of a record to exceed the maximum 8K limit. SMF Unload breaks the line into two. If the line break would naturally occur in the middle of a tag or entity reference, SMF Unload splits the line before or after the tag or entity reference so that the tag or entity reference is not broken. What this means is that the data value may include a carriage return or line feed that was not originally part of the value. It is up to the application processing the document to detect this condition and concatenate the two lines before passing the element to an XML parser.

Parent topic: Using the RACF SMF data unload utility to generate XML documents

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014