|
The ICHEINTY macro provides a direct interface to the RACF® database through the RACF manager. Its function is to
locate or update
a profile in the RACF database.
You can use
the ICHEINTY macro with the ICHETEST and ICHEACTN macros
to test and conditionally update fields in RACF profiles.
The ICHEINTY macro must
be issued from a task running in non-cross-memory
mode with no locks held. The issuing task must be authorized (APF-authorized,
in system key 0-7, or running in supervisor state).
You can
reference only one segment with each ICHEINTY call; however,
you can access more than one field in a segment using a single call.
If you need to retrieve or update more than one segment, issue a separate
ICHEINTY for each segment.
When activated, automatic direction
of application update propagates
ICHEINTY ADD, ALTER, DELETE, DELETEA, and RENAME updates to selected
remote nodes. Only ICHEINTY requests with return code 0 are propagated.
If your installation uses RACF remote
sharing facility (RRSF) to propagate password changes to other (target)
nodes, you should be aware that attempts to change the password of
a revoked user on a target node fails. Therefore, if your installation
has implemented automatic password direction or password synchronization,
make sure that each target user ID is resumed before changing
the password.
The format of the ICHEINTY macro definition is: [label] ICHEINTY [operation]
[,TYPE='GRP' | 'USR' | 'CON' | 'DS' | 'GEN']
[,ENTRY=entry-address]
[,ENTRYX=extended-entry address]
[,CLASS=class-address]
[,FLDACC=NO | YES]
[,RELEASE=number | (,CHECK) | (number,CHECK)]
[,RUN=YES | NO]
[,ACEE=acee address]
[,WKSP=subpool number]
[,CHAIN=parm-list address]
[,DATAMAP=OLD | NEW]
[,SEGMENT='segment name']
[,VOLUME=volume-address]
[,ACTIONS=(action-address,…)]
[,TESTS=(test-addr[,[AND],test-addr]...)]
[,WKAREA=workarea-address]
[,NEWNAME=newname-address]
[,NEWNAMX=extended-newname-address]
[,RBA=rba-address]
[,FLDEF=fldef-address]
[,OPTIONS=(list-of-options)]
[,SMC=YES | NO]
[,GENERIC=NO | YES | UNCOND]
[,DATEFMT=YYDDDF | YYYYDDDF]
[,MF=I | L | (E,address)]
[,INDEX=ASIS | ONLY | MULTIPLE]
- operation
- Specifies the operation
that RACF is
to perform on the specified profile. The valid operation values are
ADD, ALTER, ALTERI, DELETE, DELETEA, FLDEF, LOCATE, NEXT, NEXTC, and
RENAME. This operand is positional and is required if you specify
MF=I or MF=L.
Some operations are based on assumptions. If a requested
operation violates an assumption, the operation fails.
- ADD
- Defines entities to RACF by
adding profiles to the RACF database.
ADD processing does the following:
Some considerations regarding ADD
are:
- ALTER
- Alters field values in an existing
profile on the RACF database.
ALTER processing:
- Locates the profile on the RACF database.
- Performs the tests that
the ICHETEST macros specify, if any macros
are present. The TESTS operand on the ICHEINTY macro names the tests
to be performed.
- Alters field values as specified by associated
ICHEACTN macro
instructions.
- Writes the profile back to the primary and backup
(if active) RACF databases.
Some considerations regarding ALTER are: - If the profile
is too large to be rewritten to the same location
in the RACF database, RACF allocates new space, writes
the profile to the new location, and updates the index entry for the
profile to point to the new location.
- Do not use ICHEINTY
to ALTER (or ALTERI) repeat group count fields.
These fields are updated automatically whenever a repeat group changes
its size. Repeat group count fields can be read.
- ALTERI
- Similar to the ALTER operation
with the following exceptions:
- Fields are updated in place.
ICHEINTY sets a return code of 68
(X'44') and fails the operation if the altered profile has
a length which differs from that of the original profile.
- The
update to the field occurs with only a shared lock on the RACF database. Therefore, other
ALTERI, LOCATE, NEXT, or NEXTC requests can take place simultaneously.
- You can specify the RBA of the level one index block, containing
the pointer to the profile to be altered. This improves processing
efficiency.
- ALTERI processing writes the profile back to the
primary RACF database only;
it does not
write to the backup, unless you have otherwise specified in the data
set name table (ICHRDSNT). RACF uses
ALTERI to update statistical information in profiles. ALTERI should
only be used with fields that are marked in the template as statistical.
For more information about the RACF database
templates, see RACF database templates.
- DELETE
- Deletes a profile from the RACF database.
DELETE processing:
- Deletes the index entry for the entity.
- Frees space used for the profile on the RACF database.
Some considerations
regarding DELETE are: - You cannot specify the ACTIONS operand
with the DELETE operation.
- For TYPE=‘DS’, ICHEINTY sets a
return code of 60 (X'3C')
if you specified VOLUME and a profile containing the specified volume
in its VOLSER list was not found. ICHEINTY sets a return code of 56
(X'38') if you do not specify VOLUME and there are multiple
profiles for the entity name.
- ICHEINTY deletes the profile
for a TAPEVOL only when the volume
being deleted is the last in its set. Otherwise, the macro deletes
the index entry and removes the volume from the VOLSER list.
- DELETEA
- Deletes all the members of
a TAPEVOL set from the RACF database.
It is similar to the DELETE operation
with the following exception:
- If you specify ‘TYPE=GEN’ and
the class is TAPEVOL, ICHEINTY deletes
the profile along with the index entry for each volume in the set.
- FLDEF
- Builds the area that
the FLDEF operand uses. The area contains
control information and the list generated by the TESTS and ACTIONS
operands.
Some assumptions and considerations regarding FLDEF are: - FLDEF creates a separate area for ICHEACTN and ICHETEST pointers,
which can be referenced from one or more ICHEINTY macros.
- You
can maintain the field definition area with the MF=E form
of ICHEINTY FLDEF.
- When referencing the field definition area
from a remote ICHEINTY,
specify FLDEF=field-definition-area, and do not specify any
of the ACTION, FLDEF, TESTC, and TESTM options on the OPTIONS keyword.
- LOCATE
- Retrieves zero
or more fields from an existing RACF profile
in the RACF database.
LOCATE processing:
- Locates the profile in the RACF database.
- Performs the tests that
the ICHETEST macros specify, if any macros
are present. The TESTS operand on the ICHEINTY macro names the tests
to be performed.
- Retrieves field values as specified by associated
ICHEACTN macro
instructions into the caller-specified work area.
Some
assumptions and considerations regarding LOCATE are: - ICHEINTY
sets a return code of 44 (X'2C') if the values
being returned are too large for the work area provided and you did
not specify the WKSP operand, which would have provided you with an
additional work area.
- For TYPE=‘DS’, ICHEINTY set a return
code of 60 (X'3C')
if you specify VOLUME and one or more profiles were found for the
data set name but none contained the specified volume name in its
VOLSER list. ICHEINTY sets a return code of 56 (X'38') if
you do not specify VOLUME and there are multiple profiles for the
entity name.
- ICHEINTY sets a return code of 52 (X'34')
if an ICHETEST
macro specified by the TESTS operand failed. The LOCATE operation
terminates at this point.
- NEXT
- Retrieves zero or more fields from the profile whose name follows
the name specified by the ENTRY or ENTRYX operand. The NEXT operation
updates the area pointed to by the ENTRY or ENTRYX operand with the
name of the profile just completed. NEXT processing:
- Locates
the profile of the first entity of the specified type
that follows the specified entity in the RACF database.
- Performs the tests that
the ICHETEST macros specify, if any macros
are present. The TESTS operand on the ICHEINTY macro names the tests
to be performed.
- Retrieves field values as specified by associated
ICHEACTN macro
instructions into the caller specified work area.
Some
considerations regarding NEXT are: - If the entity retrieved
has the same name as the entity that follows
it in the RACF database, ICHEINTY
sets the duplicate data set name count. The count becomes 2 if it
was zero on entry; otherwise, the count increases by one. The count
is zero if the entity is not a duplicate of the one that follows it.
- ICHEINTY sets a return code of 44 (X'2C') if the values
being returned do not fit into the provided work area, unless you
specified WKSP which would provide you with an additional work area.
- For qualified types (data set, general, and connect), the located
entity must have the same high-level qualifier as the specified entity.
Otherwise, the macro sets a return code of 12 (X'0C').
- For
data set profiles, the qualifier includes the first period
in the name.
- For TYPE=‘DS’, if the duplicate data set name
count in the work
area is not zero, ICHEINTY locates the specified data set name. (That
is, if the duplicate data set count equals N, then the macro locates
the Nth occurrence of the specified name. If there are less than N
occurrences of the specified name, the same process occurs as when
the duplicate data set count is zero; ICHEINTY locates the profile
of the first entity of the specified type that follows the specified
entity in the RACF data set.)
If you want to locate the first DATASET profile with a name greater
than or equal to the name specified by ENTRY= or ENTRYX, you can do
so by setting the duplicate data set name count to one.
- If
an ICHETEST macro specified in the TESTS operand failed, ICHEINTY
sets a return code of 52 (X'34') and the NEXT operation terminates.
- If you specify a segment other than BASE on this ICHEINTY, or
on any ICHEINTY in a chain, the RACF manager
skips any profiles that do not contain an occurrence of the segment.
Normal processing (TESTS on ICHEINTY, ICHEACTN) resumes with the next
profile containing the segment. This simplifies the process of finding
users who are defined to TSO, for example.
- NEXTC
- is similar to the NEXT operation with the
following exception:
- For qualified types (data set, general,
and connect), ICHEINTY
does not make the high-level qualifier check. For unqualified types
(group and user), NEXTC processing is identical to NEXT processing.
The qualifier for a general profile is the 8-character class name.
Guideline: Do not use NEXTC with general resource classes,
because it might have unpredictable results. When you reach the end
of the profiles for the class that you specified with the CLASS keyword,
ICHEINTY retrieves the first profile for the next general resource
class that has profiles. However, you have no way of determining what
class that profile belongs to, and in some cases you might not even
know that ICHEINTY switched to a new class.
- RENAME
- renames a data set, SFS file, or SFS directory
entry in the RACF database.
You
must specify
the NEWNAME or NEWNAMX operand.
When renaming resources in the
FILE and DIRECTRY class, use ENTRYX and NEWNAMX.
- TYPE= ‘GRP’ | ‘USR’ | ‘CON’ |
‘DS’ | ‘GEN’
- Specifies the type of the entry
as GROUP (‘GRP’), USER (‘USR’),
CONNECT (‘CON’), DATASET (‘DS’), or general resource (‘GEN’).
The
final parameter list the SVC uses as a request to the RACF manager must include a value for TYPE.
- ENTRY= entry-address
- Specifies
the address of a 1-byte entry name length field followed
by the entry name. The NEXT and NEXTC operations update this field.
When using NEXT or NEXTC you should initialize the field in this way.
To initialize the entry field, point to a field that has a length
of 1 and a field of X'00'. The area that is pointed to must
allow for 255 bytes of data to be returned.
The final parameter
list the SVC uses as a request to the RACF manager
must include a value for ENTRY or ENTRYX.
- ENTRYX= extended-entry-address
- Specifies the extended
entry name field for long name support.
You must specify the address of two 2-byte fields, followed
by the entry name.
- The first 2-byte field specifies
a buffer length which can be
from 0 to 255 bytes. This length field only refers to the length of
the buffer that contains the entity name; it does not include the
length of either length field.
- The second 2-byte field specifies
the actual length of the entity
name. This length field includes only the length of the actual name
without any trailing blanks; it does not include the length of either
length field.
As with ENTRY, the NEXT and NEXTC operations
update this field.
The area that is pointed to must allow for a name which is of maximum
entry length. ENTRY and ENTRYX are mutually exclusive keywords.
Guideline: Use
the ENTRYX keyword to save storage, because it allows you to code
to the specific amount of space that you need.
The final parameter
list the SVC uses as a request to the RACF manager
must include a value for ENTRY or ENTRYX. To use the ENTRYX keyword,
you must specify RELEASE=1.9.
- CLASS=
class-address
- Specifies the address of an
8-character class name (left-justified
and blank-padded, if necessary.) The class name is required when TYPE=‘GEN’
and is ignored for all other types.
- FLDACC= NO | YES
- Specifies the
presence or absence of field level access checking.
If you specify FLDACC=YES, the RACF database
manager checks to see that the user running your program has the authority
to retrieve or modify the fields that have been specified in the ICHETEST
and ICHEACTN macros associated with the current ICHEINTY macro.
Note: - For field level access checking to occur, you must specify RELEASE=1.8
or later when you code the ICHEINTY and associated ICHETEST and ICHEACTN
macros. RACF bypasses field
access checking for any ICHETEST or ICHEACTN macro for which RELEASE=1.8
or later has not been specified. In addition, before your program
executes, the security administrator must activate the FIELD class
and process the FIELD class using SETROPTS RACLIST. If you code FLDACC=YES
and the field class is not active and has not been processed using
SETROPTS RACLIST, the request fails with a return code of 60.
- In
addition, the security administrator must issue the RDEFINE
and PERMIT commands to designate those users who will have the authority
to access the fields designated in the ICHETEST and ICHEACTN macros.
- If you specify FLDACC=NO or omit the parameter, the manager does
not perform field level access checking.
- If you specify FLDACC=YES
for the ADD, ALTER, or LOCATE operation
with segment name CSDATA and field name CSCDATA or CSKEY, the data
associated with the CSKEY field (if present in the ICHEINTY parameter
list) is used instead of the template name for field level access
checking. This allows field level access checking to use the FIELD
profile USER.CSDATA.custom-field-name or GROUP.CSDATA.custom-field-name for
authorization, similar to the authorization that occurs for the RACF commands.
- RELEASE=number
- RELEASE=(,CHECK)
- RELEASE=(number,CHECK)
- Specifies the release number. The release numbers you can specify
with the ICHEINTY macro are 7790, 7780, 7770,
7760, 7750, 7740, 7730, 7720, 7709, 7708, 7707, 7706, 7705, 7703,
2608, 2.6, 2.4, 2.3, 2.2, 2.1, 1.9.2, 1.9, 1.8.1, 1.8, or 1.7.
When you specify 1.8 or
later, the RACF manager returns
data using the 1.8 user work area format (documented in the topics Using ICHEACTN to retrieve data when ICHEINTY has DATAMAP=NEW and Using ICHEACTN to retrieve data when the ICHEINTY has DATAMAP=OLD). In effect,
DATAMAP defaults to DATAMAP=NEW if you specify RELEASE=1.8 or later
and omit DATAMAP.
If you specify RELEASE=1.7, or allow the release
parameter to default to 1.7, the RACF manager
returns data using the 1.7 user work area format. In this case, DATAMAP
defaults to DATAMAP=OLD if you omit it.
If you want to use 1.8
parameters, and the 1.7 user work area format, you must specify RELEASE=1.8
or later and DATAMAP=OLD.
To use the 1.8 parameters, you must
specify RELEASE=1.8 or later. If you specify RELEASE=1.8 or later
the ICHEINTY parameter list must be in modifiable storage.
The
default is RELEASE=1.7. Table 1. ICHEINTY
parametersParameter |
RELEASE=1.7 and earlier |
RELEASE=1.8 or later |
---|
ACEE |
|
X |
ACTIONS |
X |
X |
CHAIN |
|
X |
CLASS |
X |
X |
DATAMAP |
|
X |
ENTRY |
X |
X |
FLDACC |
|
X |
FLDEF |
X |
X |
GENERIC |
X |
X |
INDEX |
|
X |
MF |
X |
X |
NEWNAME |
X |
X |
OPTIONS |
X |
X |
RBA |
X |
X |
RELEASE |
X |
X |
RUN |
|
X |
SEGMENT |
|
X |
SMC |
X |
X |
TESTS |
X |
X |
TYPE |
X |
X |
VOLUME |
X |
X |
WKAREA |
X |
X |
WKSP |
|
X |
- RUN= YES |
NO
- Specifies whether to activate or deactivate the parameter list.
If you specify RUN=NO, the RACF manager
ignores the request designated by this ICHEINTY macro although it
processes the CHAIN parameter. If you specify RUN=YES, RACF processes this request and also processes
the CHAIN parameter. Thus you can use the RUN parameter to deactivate
or activate one or more ICHEINTY parameter lists without having to
rearrange the chaining.
- ACEE= acee-address
- Specifies an ACEE that RACF uses
to perform field authorization checking. If you specify FLDACC=YES,
but omit ACEE, the RACF manager
uses the appropriate ACEE pointed to either by the TCB or the ASXB.
- WKSP= subpool-number
- Specifies
the number of a storage subpool. If the area specified
by the WKAREA parameter is too small to contain the field data retrieved
from LOCATE, NEXT, or NEXTC operation, the RACF manager obtains an additional work area
from this subpool in the callers key. The RACF manager returns the address of the work
area in the fullword at offset 60 (X'3C') in the ICHEINTY
parameter list. If additional storage is not needed, the RACF manager sets the fullword to zero. It is
your responsibility to free any returned work area; its subpool number
is stored in the one byte field at offset 29 (X'1D') in the
parameter list, its address in the fullword at offset 60 (X'3C')
in the ICHEINTY parameter list and its size in the first fullword
of the work area itself.
Note: - Even if you specify WKSP, you
must still provide a work area at
least 30 bytes long using the WKAREA operand.
- If the RACF manager is
unable to obtain a large enough work area, an "out-of-storage" abend
occurs.
- WKSP does not apply for ICHEINTY requests with INDEX=MULTIPLE.
Guidelines: - Simplify your coding by specifying
WKSP and you can avoid processing
a return code of 44 (X'2C').
- Carefully select a subpool
because MVS™ processes
certain subpools differently. In particular, your results might be
unpredictable if you specify subpool 0, subpool 250, or any subpool,
such as 227–231 or 241, that is documented in z/OS MVS Programming: Assembler Services Guide as
having a storage key of USER.
- CHAIN= parm-list address
- Specifies
a parameter list that another ICHEINTY macro created.
This chained parameter list executes after the current one within
the same manager invocation. If several ICHEINTY requests pertain
to the same profile, you can use CHAIN to string the requests together.
This chaining improves performance because the RACF manager retrieves the profile only once
for the entire chain. Each ICHEINTY parameter list in the chain must
contain the same values for the following parameters: ACEE, CLASS,
ENTRY or ENTRYX, GENERIC, RBA, SMC, TYPE, and VOLUME.
Note: - Because
there are no connect profiles in the database, chained
ICHEINTY requests do not work as anticipated. Therefore, if you chain
two ICHEINTY requests with TYPE=CON, the second ICHEINTY is ignored.
- You cannot specify NEWNAME for any request in the chain.
- When
you chain ICHEINTY macros together, they must obey the following
rules:
- The first ICHEINTY in the chain must be a LOCATE, NEXT/NEXTC,
ALTER/ALTERI, ADD, or a DELETE with SEGMENT specified.
- The
remaining ICHEINTY macros in the chain must be:
- LOCATE, if
the first was LOCATE
- NEXT/NEXTC, if the first was NEXT or
NEXTC
- ALTERI, if the first was ALTERI
- ALTER, if the
first was ALTER, DELETE, or ADD
- DELETE, with SEGMENT, if the
first was ALTER or DELETE
- The RACF manager return
code is set to the highest return code of any of the individual ICHEINTY
macros that have been chained together.
- For chained ICHEINTY
parameter lists, within the bounds of any
one chain of ICHEINTYs, an alias field (indicated by the alias bit
in the fields template definition) can be referenced, either directly
or indirectly (for example, delete of a segment containing a defined
alias field, or delete of a profile with a segment containing a defined
alias field) multiple times. If there are multiple references, there
can be tests on any of these references except for the last reference.
If a parameter list chain does not meet this requirement, return code
36 (X'24') reason code 11 (X'B') is returned.
If
an FLDEF test is specified for a delete or alter ICHEINTY whose last
action on a specific alias field lacks a test, then unless there is
an ICHEINTY parameter list earlier in the chain which also references
the same alias field, the FLDEF test does not count as a test on the
last alias reference. This is because if the FLDEF test on the ICHEINTY
fails, none of the actions in the ICHEINTY parameter list will be
executed.
- DATAMAP=
OLD | NEW (default depends on RELEASE)
- DATAMAP determines the format of the work area returned for a
LOCATE, NEXT, or NEXTC operation and the format of the data you provide
when you issue an ICHEINTY request to update the database. You can
specify the DATAMAP parameter in several different combinations to
tailor it to your system:
- SEGMENT= ‘segment
name’
- Specifies that this request is to apply to a specific segment
in the profile. If you do not specify a specific segment, the default
is the BASE segment. If you specify a segment other than the BASE
segment, the operation cannot be ADD, DELETEA, or RENAME. If you specify
a segment, the DELETE operation deletes only that segment. If you
do not specify a segment, the DELETE operation deletes the entire
profile. If you specify a segment, the ALTER operation alters only
that segment. If you do not specify a segment, the ALTER operation
updates the BASE segment. See RACF database templates for
a list of valid segment names.
- VOLUME=
volume-address
- Specifies the address of a 6-character
volume identifier. When
TYPE=‘DS’, the volume identifier differentiates among data sets with
the same name. When the operation is ADD, TYPE=‘GEN’, and the class
is TAPEVOL, the volume identifier specifies the name of an existing
tape volume set to which the current entry is to be added. In all
other cases, ICHEINTY ignores the volume identifier.
- ACTIONS= (action-address,.....)
- Specifies
the address of one or more ICHEACTN macros that determine
which profile fields the RACF manager
is to retrieve or update. For a description of the ICHEACTN macro,
see ICHEACTN macro. You can specify up to 255 actions.
Note: If
you specify ACTION on the execute form of the ICHEINTY macro, the
number of actions you specify should agree with the number of actions
you have specified on the list form of the macro (or the FLDEF list,
if you use that instead). If the numbers do not match, you must specify
the OPTION keyword on the execute form to update the counts, using
the appropriate ACTION operands.
- TESTS=
(test-addr[,[AND],test-addr]...)
- Allows some preliminary
testing on selected conditions before
the execution of the operation specified by the ICHEINTY macro. You
must specify an odd number of items (including the connector ‘AND’).
Each address must be the address of a list built by the ICHETEST macro.
See ICHETEST macro.
Note: If you specify TEST on
the execute form of the ICHEINTY macro, the number of tests you specify
should agree with the number of tests you have specified on the list
form of the macro (or the FLDEF list, if you use that instead). If
the numbers do not match, you must specify the OPTION keyword on the
execute form to update the counts, using the appropriate TESTC or
TESTM operands.
- WKAREA= wkarea-address
- Specifies the address of the area into which the retrieved values
are to be placed. This operand is valid and required only for the
LOCATE, NEXT, and NEXTC operations. The work area must be at least
30 bytes long.
When you specify INDEX=MULTIPLE, the work area must
be at least 4K long. See Table 3 for
the format of the work area for INDEX=MULTIPLE.
For a related
operand, see the description of WKSP.
Table 2. Format for the ICHEINTY work area when
INDEX=MULTIPLE is not specifiedOffset (hex) |
Length |
Description |
---|
0 |
4 |
Length
of entire work area |
4 |
6 |
RBA return area |
A |
1 |
Flags |
B |
1 |
Reserved |
C |
4 |
Duplicate data set
name count |
10 |
8 |
Reserved |
18 |
4 |
Length of data
returned into work area |
1C |
variable |
Field value return area |
Table 3. Format for the ICHEINTY
work area when INDEX=MULTIPLE is specifiedOffset (hex) |
Length |
Description |
---|
0 |
4 |
Length
of entire work area |
4 |
20 |
Reserved |
18 |
4 |
Length of data returned into work area |
1C |
2 |
Number of returned profile names |
1E |
1 |
Flag:- Bit
- Meaning
- 1
- No more profiles after this set.
|
1F |
1 |
Reserved |
20 |
variable |
Start of list of returned profile names. Format
of returned profile name:- Length
- Description
- 1
- Length of
profile name
- variable
- Profile name
|
- NEWNAME= newname-address
- Specifies the address
of the new name to be assigned to the entity
named by the ENTRY operand. The name must be left-justified and followed
by at least one blank.
Whereas ENTRY is a 1-byte length field followed
by a name, NEWNAME specifies an entry name which is not preceded
by a 1-byte length field. This operand is valid only for the RENAME
operation.
When renaming resources in the FILE and DIRECTRY
class, use ENTRYX and NEWNAMX. If NEWNAME is used, the name must be
39 characters long or less.
- NEWNAMX=
extended-newname-address
- Specifies the address
of the new name to be assigned to the entity
in the ENTRYX keyword. The format of the new name is the same as that
of the ENTRYX keyword.
- The first 2-byte field
specifies a buffer length which can be
from 0 to 255 bytes. This length field refers only to the length of
the buffer that contains the entity name; it does not include the
length of either length field.
- The second 2-byte field specifies
the actual length of the entity
name. This length field includes only the length of the actual name
without any trailing blanks; it does not include the length of either
length field.
NEWNAMX and NEWNAME are mutually exclusive
parameters, as
are NEWNAMX and WKAREA. The NEWNAMX keyword is valid only for the
RENAME operation. To use NEWNAMX, you must specify RELEASE=1.9 or
later.
- RBA= RBA-address
- Specifies
the address of a 6-byte relative byte area (RBA) of
a level one index that points to the profile to be altered. This keyword
is valid only for an ALTERI request. RBA should specify the value
returned by a previous LOCATE operation.
- FLDEF=
fldef-address
- Specifies a remote list of ACTION/TEST
pointers set up by an ICHEINTY
with the FLDEF operation.
- OPTIONS= (list-of-options)
- Provides more direct control of the code generated by the EXECUTE
form of the macro. This operand is valid only with the EXECUTE form
of the macro.
Specify one or more of the following options, separated
by a comma:
- NOPRO
- Does not generate any
prologue code; that is, the instructions
that set the type of request, such as ADD, by updating the first two
bytes of the parameter list, are not generated.
- FLDEF
- Generates the FLDEF pointer relocation code to point
to the list
of ACTION and TEST pointers in the ICHEINTY macro expansion.
- ACTION
- Generates code to set the number
of ACTIONs that are to be performed.
- TESTC
- Generates code to set the number of TESTs that are to be performed.
- TESTM
- Generates code to set both actual
and maximum number of TESTs.
- NOEXEC
- Does
not generate the SVC instruction to invoke the RACF manager. This subfield is useful with the
EXECUTE form of the macro to allow partial setup of the parameter
list.
- SMC= YES | NO
- Controls
the ‘set-must-complete’ operation mode of the RACF manager. YES is the default
mode of operation.
Note: If an ICHEINTY request is propagated by automatic
direction of application updates, the SMC=NO keyword is not propagated.
The ICHEINTY request always runs as SMC=YES on the target node.
- GENERIC= NO |
YES | UNCOND
- Informs the RACF manager
whether the given entity name is a generic name.
- NO
- Never generic.
The RACF manager
does not attempt to convert the name specified by the ENTRY operand
from external to internal form. GENERIC=NO is the default.
- YES
- Can be generic.
The RACF manager
attempts to convert the name specified by the ENTRY operand from external
to internal form. The RACF manager
does the conversion only if the entity name contains a generic character
(an * or %). If the entity name does not contain a generic character,
processing continues without any conversion.
- UNCOND
- Always generic.
The RACF manager
unconditionally converts the name specified by the ENTRY operand from
external to internal form.
For RENAME, the same process applies
also to the NEWNAME operand.
- DATEFMT= YYYYDDDF | YYDDDF
- Specifies
the format of the date that you want to extract or replace.
If
you specify DATEFMT=YYYYDDDF with a LOCATE, NEXT, or NEXTC operation, RACF retrieves date fields in the
format ccyydddF, where cc=19
or cc=20. If an ADD, ALTER, or ALTERI operation
is specified, RACF accepts
dates in the format ccyydddF, where cc=19
or cc=20, unless the data being retrieved is in
an uninitialized state in the RACF database,
in which case 0000000F or FFFFFFFF is returned. When accepting a date
as input to place into the database, RACF validates
that cc is 19 or 20 and that: - For cc=19,
70 < yy <
= 99
- For cc=20, 00 < = yy <
= 70
If you specify DATEFMT=YYDDDF, RACF retrieves and accepts dates in the three-byte
format.
To specify the DATEFMT keyword, you must specify Release=1.9.2
or a later release number.
DATEFMT=YYDDDF is the default.
- MF= I |
L | (E,address)
- Specifies the form
of the macro as either INLINE, LIST, or EXECUTE.
The
INLINE form generates code to branch around the parameter list. In
the MF=I form, the label names the instruction preceding the parameter
list. MF=I is the default.
The LIST form reserves and initializes
storage.
The EXECUTE form modifies a list defined elsewhere.
If you use the EXECUTE form, you must specify the address of the list
to be modified. The address can be an A-type address or register (2
through 12).
- INDEX= ASIS | ONLY | MULTIPLE
- Specifies
how RACF processes
the generic profile names in the index blocks of the RACF database.
The INDEX option is supported
only for NEXT requests. Do not specify INDEX with GENERIC=NO or with
TYPE values other than GEN or DS.
- ASIS
- Specifies normal RACF processing.
This is the default value.
- ONLY
- Specifies
that RACF should
return the name of the next generic profile with the same HLQ, or
the next generic profile for the same class, but should not return
the content of any profile.
- MULTIPLE
- Specifies
that RACF should
return more than one generic profile name. RACF returns the name of the next generic profile
with the same HLQ or the next generic profile for the same class,
and the names of subsequent generic profiles in the same level 1 index
block with the same HLQ or class name.
With INDEX=MULTIPLE, you
must specify WKAREA to supply a work area that is at least 4K in length
to hold the returned profile names. See Table 3 for
the work area format.
Note: RACF places the last returned name in the ENTRY
or ENTRYX field, as it normally does for NEXT operations.
Return codes from the ICHEINTY macro
If you did not specify RELEASE=1.8 or later, Register 15 contains
the ICHEINTY return code and Register 0 contains the reason code.
If you specified RELEASE=1.8 or later, Register 15 contains the highest
return code from any of the ICHEINTY macros; Register 0 contains the
corresponding reason code. The return code for each ICHEINTY macro
appears in the fullword at offset 52( X'34') in each ICHEINTY
parameter list; the corresponding reason code appears in the fullword
at offset 56( X'38'). - Hex (Dec)
- Description
- 0 (0)
- The requested operation was successful.
- 4 (4)
- If the reason code is 0, a recovery environment could not be established;
if the reason code is 4, an invalid function code was specified. (Valid
functions are RACLIST, RACXTRT, and ICHEINTY. The parameter list was
not valid for any of those functions.)
- 8 (8)
- An attempt was made to add an entry to the RACF database but an identical entry already
exists.
- C (12)
- For requests other than NEXT or NEXTC, the specified entry did
not exist.
For NEXT or NEXTC requests, no subsequent entries satisfied
the request.
- 10 (16)
- Reserved for IBM's use.
- 14 (20)
- The RACF database did not
contain enough space to satisfy the request.
- 18 (24)
- An I/O error occurred while accessing the RACF database.
- 1C (28)
- RACF was not active at
the time of the request.
- 20 (32)
- The request type requires a user work area but the area was not
provided (the address in the parameter list was 0) or for a RENAME,
neither NEWNAME nor NEWNAMX was supplied.
- 24 (36)
- The input parameter list or the associated ACTION and TEST blocks
contain an error. When this code is returned, the possible reason
codes are:
- Hex (Dec)
- Explanation
- 1 (1)
- The entry name or new name is not valid
- 2 (2)
- Action specified with DELETE or DELETEA
- 3 (3)
- An action or test specified for an undefined field
- 4 (4)
- Test specified with RENAME
- 5 (5)
- Reserved for IBM's use.
- 6 (6)
- Reserved for IBM's use.
- 7 (7)
- Incorrect entry type
- 8 (8)
- GROUP=YES specified for an ICHEACTN, but the data length given
was too long for the associated data. This reason code can occur with
DATAMAP=OLD.
- 9 (9)
- GROUP=YES specified for an ICHEACTN, but the data length given
was too short for the associated data.
- A (10)
- Chained ICHEINTY macros have inconsistent parameters: (CLASS,
ENTRY, ENTRYX, GENERIC, RBA, SMC, TYPE, or VOLUME).
- B (11)
- Chained ICHEINTY macros have inconsistent request types (operations).
- C (12)
- All ICHEINTY macros specified RUN=NO
- D (13)
- Operation not allowed with SEGMENT keyword.
- E (14)
- Illegal field specified for GROUP=YES, must be a repeat group
count field
- F (15)
- More than 1000 ICHEINTY macros present in the chain
- 10 (16)
- Specified SEGMENT name not allowed for the specified profile type.
- 11 (17)
- GROUP=YES specified for an ICHEACTN but the data length given
was too long for the associated data. This reason code can occur with
DATAMAP=NEW.
- 12 (18)
- Data byte specified on ICHEACTN exceeded the length of the specified
fixed-length field.
- 13 (19)
- Inconsistency between action data length and repeat group fields.
GROUP=YES data is too short.
- 14 (20)
- Invalid ENTRYX. Current length is greater than 44 and either the
primary or the backup database is not in the restructured database
format.
- 15 (21)
- Invalid NEWNAMX. Current length is greater than 44 and either
the primary or the backup database is not in the restructured database
format.
- 16 (22)
- Data length specified on the ICHEACTN macro was less than zero
and neither FLDATA=DEL nor FLDATA=COUNT were specified.
- 17 (23)
- Reserved for IBM's use.
- 18 (24)
- Reserved for IBM's use.
- 19 (25)
- Number of tests is greater than 254.
- 1A (26)
- Invalid date supplied on an ICHEACTN when DATEFMT=YYYYDDDF is
specified. Date must have a length of 4 bytes and be in the form CCYYDDDF
where CC=19, 70 < YY <= 99 and CC=20, 00 <= YY <= 70.
- 1B (27)
- Repeat count cannot be updated when GROUP=NO is specified.
- 1C (28)
- Alias locate requested but database is stage 0 or 1.
- 1D (29)
- Invalid alias locate IPL.
- 1E (30)
- Alias locate requested for a non-alias field.
- 1F (31)
- Base pointer for test is 0 on an alias locate request.
- 20 (32)
- Alias name length is 0 or greater than 252 on an add, alter, or
delete request.
- 21 (33)
- INDEX=MULTIPLE was specified but the work area (WKAREA) is not
4K or longer.
- 28 (40)
- The maximum profile size (65 535 bytes) has been reached;
the profile cannot be expanded.
- 2C (44)
- The user-supplied work area was not large enough to hold all the
data returned. The work area is filled with data up to, but not including,
the first field that did not fit. If WKSP was specified, the manager
obtains a new work area, retrieves the data, and sets the return code
to 0.
- 30 (48)
- The user-supplied work area was smaller than the minimum amount
required (30 bytes).
- 34 (52)
- A test condition specified in the TESTS keyword of the ICHEINTY
macro was not met; further processing was suppressed.
- 38 (56)
- You requested an operation on a DATASET type entry that has multiple RACF definitions, but you did not
specify a VOLUME to single out a specific entry.
- 3C (60)
- For DATASET type entries, you specified a VOLUME that did not
exist in the volume list of any entry with the specified name. For
TAPEVOL class entries, a request tried to add a new TAPEVOL to a nonexistent
tape volume set.
- 40 (64)
- You attempted to delete one of the entries supplied by IBM® (such as SYS1 or IBMUSER) from
the RACF database.
- 44 (68)
- An ALTERI request attempted to change the size of the profile
being updated.
- 48 (72)
- A request to add an entry to the RACF database
would have caused the RACF index
to increase to a depth that RACF does
not support. The maximum depth is 10 levels.
- 4C (76)
- ICHEINTY encountered an invalid index block or read a non-index
block when it expected an index block.
- 50 (80)
- An attempt was made to update one of the following (by a request
other than ALTERI):
- The RACF database that
has been locked by a RACF utility
- The RACF database from
a system that is in read-only mode (in a RACF sysplex data sharing environment)
- 54 (84)
- Reserved for IBM's use.
- 58 (88)
- At least one (but not all) ICHEACTN macros for information retrieval
failed to be executed because of a profile field access violation.
- 5C (92)
- All ICHEACTN macros for information retrieval failed to be executed
because of a profile field access violation.
- 60 (96)
- An ICHEACTN macro attempted to alter a field and failed because
of a profile field access violation. All ICHEACTN macros for the ICHEINTY
were suppressed. For FLDACC entries, the field class may not be active
and processed by SETROPTS RACLIST.
- 64 (100)
- The RELEASE keyword on the E-form ICHEINTY specified a release
of 1.8 or later and CHECK, but the L-form did not specify a release
of 1.8 or later.
- 68 (104)
- The requested profile on the database contains erroneous data.
A reason code is returned as follows:
- 1
- The profile is physically too short to contain the data implied
by variable field lengths or repeat group count fields.
- 6C (108)
- The RACF manager has been
invoked recursively, and an exclusive reserve/enqueue is required.
However a shared reserve/enqueue is already held.
- 70 (112)
- The RACF manager received
an unexpected return code from a reserve/enqueue. The reserve/enqueue
return code is passed back in register 0.
- 74 (116)
- The maximum length of extended entry of ICHEINTY parameter list
is not enough to contain a found profile name.
- 78 (120)
- Reserved (used internal to RACF).
- 7C (124)
- Reserved (used internal to RACF).
- 80 (128)
- This is a data sharing mode return code. A coupling facility function
had a problem when dealing with the ICB.
- 84 (132)
- A request to expand an alias index entry beyond its maximum size
has been denied.
|