Data set template for the RACF database

The data set template describes the fields of the data set profiles in a RACF® database.

NOT programming interface information

ACL2VAR
AUDITQF
AUDITQS

CATEGORY
FIELD
FLDCNT

FLDFLAG
FLDNAME

FLDVALUE
NUMCTGY

End of NOT programming interface information

Note:

Application developers should not depend on being able to use RACROUTE REQUEST=EXTRACT for the BASE segment fields on any security product other than RACF. These products are expected to support only such segments as DFP and TSO.
The TME segment fields are intended to be updated by Tivoli® applications, which manage updates, permissions, and cross-references among the fields. The TME fields should only be directly updated on an exception basis. See z/OS Security Server RACF Command Language Reference for formats of the field data as enforced by the RACF commands. Use caution when directly updating TME fields, as the updates might be overridden by subsequent actions of Tivoli applications.

The contents of the data set template are as follows:

Template							Field being described
Field name (character data)	Field ID	Flag 1	Flag 2	Field length decimal	Default value	Type
DATASET	001	00	00	00000000	00
ENTYPE	002	00	00	00000001	04	Int	The number (4) corresponding to data set profiles.
VERSION	003	00	00	00000001	01	Int	The version field from the profile. Always X'01'.
CREADATE	004	00	20	00000003	FF	Date	The date the data set was initially defined to RACF; 3-byte date.
AUTHOR	005	00	00	00000008	FF	Char	The owner of the data set.
LREFDAT	006	01	20	00000003	FF	Date	The date the data set was last referenced; 3-byte date.
LCHGDAT	007	01	20	00000003	FF	Date	The date the data set was last updated; 3-byte date.
ACSALTR	008	01	00	00000002	FF	Int	The number of times the data set was accessed with ALTER authority.
ACSCNTL	009	01	00	00000002	FF	Int	The number of times the data set was accessed with CONTROL authority.
ACSUPDT	010	01	00	00000002	FF	Int	The number of times the data set was accessed with UPDATE authority.
ACSREAD	011	01	00	00000002	FF	Int	The number of times the data set was accessed with READ authority.
UNIVACS	012	20	00	00000001	00	Bin	The universal access authority for the data set. Bit Meaning when set 0 ALTER access 1 CONTROL access 2 UPDATE access 3 READ access 4 EXECUTE access 5–6 Reserved for IBM's use 7 NONE access
FLAG1	013	20	00	00000001	00	Bin	Identifies whether the data set is a group data set. If bit 0 is on, the data set is a group data set.
AUDIT	014	20	00	00000001	00	Bin	Audit Flags. Bit Meaning when set 0 Audit all accesses 1 Audit successful accesses 2 Audit accesses that fail 3 No auditing 4–7 Reserved for IBM's use
GROUPNM	015	00	00	00000008	FF	Char	The current connect group of the user who created this data set.
DSTYPE	016	20	00	00000001	00	Bin	Identifies the data set as a VSAM, non-VSAM (or generic), MODEL or TAPE data set. Bit Meaning when set 0 VSAM data set (non-VSAM if this bit is set to 0) 1 MODEL profile 2 Type = TAPE when set on 3–7 Reserved for IBM's use
LEVEL	017	00	00	00000001	FF	Int	Data set level.
DEVTYP	018	00	00	00000004	FF	Bin	The type of device on which the data set resides; only for non-model, discrete data sets.
DEVTYPX	019	00	00	00000008	FF	Char	The EBCDIC name of the device type on which the data set resides; only for non-model, discrete data sets.
GAUDIT	020	20	00	00000001	00	Bin	Global audit flags. (Audit options specified by a user with the AUDITOR or group-AUDITOR attribute.) Bit Meaning when set 0 Audit all accesses 1 Audit successful accesses 2 Audit accesses that fail 3 No auditing 4–7 Reserved for IBM's use
INSTDATA	021	00	00	00000000	00	Char	Installation data; maximum length = 255.
GAUDITQF	025	00	00	00000001	FF	Bin	Global audit FAILURES qualifier. The AUDITQS, AUDITQF, GAUDITQS, and GAUDITQF fields have the following format: Value Meaning when set X'00' Log access at READ level X'01' Log access at UPDATE level X'02' Log access at CONTROL level X'03' Log access at ALTER level
AUDITQS	022	00	00	00000001	FF	Bin	Audit SUCCESS qualifier.
AUDITQF	023	00	00	00000001	FF	Bin	Audit FAILURES qualifier.
GAUDITQS	024	00	00	00000001	FF	Bin	Global audit SUCCESS qualifier.
WARNING	026	20	00	00000001	00	Bin	Identifies the data set as having (bit 7 is on) or not having the WARNING attribute.
SECLEVEL	027	00	00	00000001	FF	Int	Data set security level.
NUMCTGY	028	10	00	00000004	00	Int	The number of categories.
CATEGORY	029	80	00	00000002	00	Bin	A list of numbers corresponding to the categories to which this data set belongs.
NOTIFY	030	00	00	00000000	00	Char	User to be notified when access violations occur against a data set protected by this profile.
RETPD	031	00	00	00000000	00	Int	The number of days protection is provided for the data set. If used, the field will be a two-byte binary number.
ACL2CNT	032	10	00	00000004	00	Int	The number of program and user combinations currently authorized to access the data set.
PROGRAM	033	80	00	00000008	00	Char	The name of a program currently authorized to access the data set, or a 1-byte flag followed by 7 bytes reserved for IBM's use.
USER2ACS	034	80	00	00000008	00	Char	User ID or group.
PROGACS	035	80	00	00000001	00	Bin	The access authority of the program and user combinations.
PACSCNT	036	80	00	00000002	00	Int	Access count.
ACL2VAR	037	80	00	00000000	00	Char	Additional conditional data, 9-byte length, in which the 1st byte tells what kind of access is allowed and the remaining 8 bytes contain the data.
FLDCNT	038	10	00	00000004	00		Reserved for IBM's use.
FLDNAME	039	80	00	00000008	00		Reserved for IBM's use.
FLDVALUE	040	80	00	00000000	00		Reserved for IBM's use.
FLDFLAG	041	A0	00	00000001	00		Reserved for IBM's use.
VOLCNT	042	10	00	00000004	00	Int	The number of volumes containing the data set.
VOLSER	043	80	00	00000006	00	Char	A list of the serial numbers of the volumes containing the data set.
ACLCNT	044	10	00	00000004	00	Int	The number of users and groups currently authorized to access the data set.
USERID	045	80	00	00000008	00	Char	The user ID or group name of each user or group authorized to access the data set.
USERACS	046	A0	00	00000001	00	Bin	The access authority that each user or group has for the data set. Bit Meaning when set 0 ALTER access 1 CONTROL access 2 UPDATE access 3 READ access 4 EXECUTE access 5–6 Reserved for IBM's use 7 NONE access
ACSCNT	047	80	00	00000002	00	Int	The number of times the data set was accessed by each user or group.
USRCNT USRNM USRDATA USRFLG	048 049 050 051	10 80 80 A0	00 00 00 00	00000004 00000008 00000000 00000001	00 00 00 00	Int	Reserved for installation use. Reserved for installation use. Reserved for installation use. Reserved for installation use.
SECLABEL	052	00	00	00000008	00	Char	Security label.

Field name	Field ID	Flag 1	Flag 2	Combination field IDs					Type
The following are the COMBINATION fields of the data set template.
DEFDATE	000	40	00	004	000	000	000	000	Char	Combination.
AUTHDATE	000	40	00	004	000	000	000	000	Char	Fields.
OWNER	000	40	00	005	000	000	000	000	Char
UACC	000	40	00	012	000	000	000	000
ACL2	000	40	00	033	034	035	036	037
ACL2A3	000	40	00	033	034	035	037	000
ACL2A2	000	40	00	033	034	035	036	000
ACL2A1	000	40	00	033	034	035	000	000
FIELD	000	40	00	039	040	041	000	000
VOLUME	000	40	00	043	000	000	000	000
ACL	000	40	00	045	046	047	000	000
ACL1	000	40	00	045	046	000	000	000
USERDATA	000	40	00	049	050	051	000	000

Template							Field being described
Field name (character data)	Field ID	Flag 1	Flag 2	Field length decimal	Default value	Type
The following is the DFP segment of the data set template.
DFP	001	00	00	00000000	00		Start of segment fields
RESOWNER	002	00	00	00000008	FF	Char	Resource owner; must represent a user ID or group name

Template							Field being described
Field name (character data)	Field ID	Flag 1	Flag 2	Field length decimal	Default value	Type
The following is the TME segment of the data set template.
TME	001	00	00	00000000	00		Start of segment fields
ROLEN	002	10	00	00000004	00	Int	Count of role-access specifications
ROLES	003	80	00	00000000	00	Char	Role-access specifications