The records associated with general resources are:
- General Resource Basic Data
- General Resource Tape Volume Data
- General Resource Categories
- General Resource Members
- General Resource Volumes
- General Resource Access
- General Resource Installation Data
- General Resource Conditional Access Data
- General Resource Filter Data
- General Resource Distributed Identity Mapping Data
- General Resource Session Data
- General Resource Session Entities
- General Resource DLF Data
- General Resource DLF Job Names
- General Resource Started Task Data
- General Resource SystemView® Data
- General Resource Certificate Data
- General Resource Certificate Reference
- General Resource Key Ring Data
- General Resource TME Data
- General Resource TME Child
- General Resource TME Resource
- General Resource TME Group
- General Resource TME Role
- General Resource KERB Data
- General Resource PROXY Data
- General Resource EIM Data
- General Resource Alias Data
- General Resource CDTINFO Data
- General Resource ICTX Data
- General Resource CFDEF Data
- General Resource SIGVER Data
- General Resource ICSF
- General Resource ICSF Key Label
- General Resource ICSF Certificate Identifier

Note: The digital certificates stored in the CERTDATA segment of general resource profiles are not readable text. Therefore, RACF® bypasses the unload of the CERTDATA segment, and there is no record for this data.

General resource basic data record (0500)

The General Resource Basic Data record defines the basic information about a general resource. There is one record per general resource profile.

Table 1. General Resource Basic Data Record. Defines the basic information about a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRBD_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resource Basic Data record (0500). |
| GRBD_NAME | Char | 6 | 251 | General resource name as taken from the profile name. Note: When GRBD_CLASS_NAME is IDIDMAP, this value is stored in the RACF database in UTF-8 format. If possible, database unload changes this value to the EBCDIC format. If not possible, hexadecimal values are produced. |
| GRBD_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRBD_GENERIC | Yes/No | 262 | 265 | Is this a generic profile? |
| GRBD_CLASS | Int | 267 | 269 | The class number of the profile. |
| GRBD_CREATE_DATE | Date | 271 | 280 | Date the profile was created. |
| GRBD_OWNER_ID | Char | 282 | 289 | The user ID or group name which owns the profile. |
| GRBD_LASTREF_DATE | Date | 291 | 300 | The date that the resource was last referenced. |
| GRBD_LASTCHG_DATE | Date | 302 | 311 | The date that the resource was last changed. |
| GRBD_ALTER_CNT | Int | 313 | 317 | The number of times that the resource was accessed with ALTER authority. |
| GRBD_CONTROL_CNT | Int | 319 | 323 | The number of times that the resource was accessed with CONTROL authority. |
| GRBD_UPDATE_CNT | Int | 325 | 329 | The number of times that the resource was accessed with UPDATE authority. |
| GRBD_READ_CNT | Int | 331 | 335 | The number of times that the resource was accessed with READ authority. |
| GRBD_UACC | Char | 337 | 344 | The universal access of this resource. For profiles in classes other than DIGTCERT, the valid values are NONE, READ, EXECUTE, UPDATE, CONTROL, and ALTER. For DIGTCERT profiles, the valid values are TRUST, NOTRUST, and HIGHTRST. |
| GRBD_AUDIT_LEVEL | Char | 346 | 353 | Indicates the level of resource-owner-specified auditing that is performed. Valid values are ALL, SUCCESS, FAIL, and NONE. |
| GRBD_LEVEL | Int | 355 | 357 | The level of the resource. |
| GRBD_GAUDIT_LEVEL | Char | 359 | 366 | Indicates the level of auditor-specified auditing that is performed. Valid values are ALL, SUCCESS, FAIL, and NONE. |
| GRBD_INSTALL_DATA | Char | 368 | 622 | Installation-defined data. |
| GRBD_AUDIT_OKQUAL | Char | 624 | 631 | The resource-owner-specified successful access audit qualifier. This is set to blanks if AUDIT_LEVEL is NONE. Otherwise, it is set to either READ, UPDATE, CONTROL, or ALTER. |
| GRBD_AUDIT_FAQUAL | Char | 633 | 640 | The resource-owner-specified failing access audit qualifier. This is set to blanks if AUDIT_LEVEL is NONE. Otherwise, it is set to either READ, UPDATE, CONTROL, or ALTER. |
| GRBD_GAUDIT_OKQUAL | Char | 642 | 649 | The auditor-specified successful access audit qualifier. This is set to blanks if GAUDIT_LEVEL is NONE. Otherwise, it is set to either READ, UPDATE, CONTROL, or ALTER. |
| GRBD_GAUDIT_FAQUAL | Char | 651 | 658 | The auditor-specified failing access audit qualifier. This is set to blanks if GAUDIT_LEVEL is NONE. Otherwise, it is set to either READ, UPDATE, CONTROL, or ALTER. |
| GRBD_WARNING | Yes/No | 660 | 663 | Does this resource have the WARNING attribute? |
| GRBD_SINGLEDS | Yes/No | 665 | 668 | If this is a TAPEVOL profile, is there only one data set on this tape? |
| GRBD_AUTO | Yes/No | 670 | 673 | If this is a TAPEVOL profile, is the TAPEVOL protection automatic? |
| GRBD_TVTOC | Yes/No | 675 | 678 | If this is a TAPEVOL profile, is there a tape volume table of contents on this tape? |
| GRBD_NOTIFY_ID | Char | 680 | 687 | User ID that is notified when violations occur. |
| GRBD_ACCESS_SUN | Yes/No | 689 | 692 | Can the terminal be used on Sunday? |
| GRBD_ACCESS_MON | Yes/No | 694 | 697 | Can the terminal be used on Monday? |
| GRBD_ACCESS_TUE | Yes/No | 699 | 702 | Can the terminal be used on Tuesday? |
| GRBD_ACCESS_WED | Yes/No | 704 | 707 | Can the terminal be used on Wednesday? |
| GRBD_ACCESS_THU | Yes/No | 709 | 712 | Can the terminal be used on Thursday? |
| GRBD_ACCESS_FRI | Yes/No | 714 | 717 | Can the terminal be used on Friday? |
| GRBD_ACCESS_SAT | Yes/No | 719 | 722 | Can the terminal be used on Saturday? |
| GRBD_START_TIME | Time | 724 | 731 | After what time can a user logon from this terminal? |
| GRBD_END_TIME | Time | 733 | 740 | After what time can a user not logon from this terminal? |
| GRBD_ZONE_OFFSET | Char | 742 | 746 | Time zone in which the terminal is located. Expressed as hh:mm. Blank if the time zone has not been specified. |
| GRBD_ZONE_DIRECT | Char | 748 | 748 | The direction of the time zone shift. Valid values are E (east), W (west), and blank. |
| GRBD_SECLEVEL | Int | 750 | 752 | The security level of the general resource. |
| GRBD_APPL_DATA | Char | 754 | 1008 | Installation-defined data. |
| GRBD_SECLABEL | Char | 1010 | 1017 | The security label for the general resource. |

General resource tape volume data record (0501)

The General Resource Tape Volume Data Record defines the characteristics of the tape volume upon which a data set resides. There is one record per general resource/tape volume combination.

Table 2. General Resource Tape Volume Record. Defines the characteristics of a tape volume.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTVOL_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resource Tape Volume Data record (0501). |
| GRTVOL_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTVOL_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely TAPEVOL. |
| GRTVOL_SEQUENCE | Int | 262 | 266 | The file sequence number of the tape data set. |
| GRTVOL_CREATE_DATE | Date | 268 | 277 | Creation date of the tape data set. |
| GRTVOL_DISCRETE | Yes/No | 279 | 282 | Does a discrete profile exist? |
| GRTVOL_INTERN_NAME | Char | 284 | 327 | The RACF internal data set name. |
| GRTVOL_INTERN_VOLS | Char | 329 | 583 | The volumes upon which the data set resides. |
| GRTVOL_CREATE_NAME | Char | 585 | 628 | The data set name used when creating the data set. |

General resource categories record (0502)

The General Resource Categories record defines the categories associated with a general resource. There is one record per general resource/category combination.

Table 3. General Resource Categories Record. Defines the categories associated with a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRCAT_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources Categories record (0502). |
| GRCAT_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCAT_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCAT_CATEGORY | Int | 262 | 266 | Category to which this general resource belongs. |

General resource members record (0503)

The General Resource Members record defines the members of a general resource profile group. There is one record per general resource/member combination.

Note: RACF creates a member HWM for the SECDATA CATEGORY profile, which is reserved for IBM's use. The HWM member and a corresponding 0503 record exist if you have added any categories to the SECDATA CATEGORY profile.

Table 4. General Resource Members Record. Defines the members of a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRMEM_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resource Members record (0503). |
| GRMEM_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRMEM_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRMEM_MEMBER | Char | 262 | 516 | Member value for this general resource. For VMXEVENT profiles, this is the element that is being audited. For PROGRAM profiles, this is the name of the data set which contains the program. For GLOBAL profiles, this is the name of the resource for which a global access applies. For SECDATA security level (SECLEVEL) profiles, this is the level name. For SECDATA CATEGORY profiles, this is the category name. For NODES profiles, this is the user ID, group name, and security label translation data. For SECLABEL profiles, this is a 4-byte SMF ID. |
| GRMEM_GLOBAL_ACC | Char | 518 | 525 | If this is a GLOBAL profile, this is the access that is allowed. Valid values are NONE, READ, UPDATE, CONTROL, and ALTER. |
| GRMEM_PADS_DATA | Char | 527 | 534 | If this is a PROGRAM profile, this field contains the Program Access to Data Set (PADS) information for the profile. Valid values are PADCHK and NOPADCHK. |
| GRMEM_VOL_NAME | Char | 536 | 541 | If this is a PROGRAM profile, this field defines the volume upon which the program resides. |
| GRMEM_VMEVENT_DATA | Char | 543 | 547 | If this is a VMXEVENT profile, this field defines the level of auditing that is being performed. Valid values are CTL, AUDIT, and NOCTL. |
| GRMEM_SECLEVEL | Int | 549 | 553 | If this is a SECLEVEL profile in the SECDATA class, this is the numeric security level that is associated with the SECLEVEL. |
| GRMEM_CATEGORY | Int | 555 | 559 | If this is a CATEGORY profile in the SECDATA class, this is the numeric category that is associated with the CATEGORY. |

General resource volumes record (0504)

The General Resource Volumes record defines the volumes in a tape volume set. There is one record per tape volume set/volume combination.

Table 5. General Resource Volumes Record. Defines the volumes in a tape volume set.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRVOL_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources Volumes record (0504). |
| GRVOL_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRVOL_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely TAPEVOL. |
| GRVOL_VOL_NAME | Char | 262 | 267 | Name of a volume in a tape volume set. |

General resource access record (0505)

The General Resource Access record defines the users or groups who have specific access to general resources. There is one record per general resource/authorization combination.

Table 6. General Resource Access Record. Defines the authorizations to general resources.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRACC_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resource Access record (0505). |
| GRACC_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRACC_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRACC_AUTH_ID | Char | 262 | 269 | User ID or group name which is authorized to use the general resource. |
| GRACC_ACCESS | Char | 271 | 278 | The authority that the user or group has over the resource. Valid values are NONE, EXECUTE, READ, UPDATE, CONTROL, and ALTER. |
| GRACC_ACCESS_CNT | Int | 280 | 284 | The number of times that the resource was accessed. |

General resource installation data record (0506)

The General Resource Installation Data record defines the user data associated with a general resource. There is one record per general resource/data combination.

This record type contains data stored in the USRCNT repeat group, which is a field in the RACF database that is reserved for your installation's use. None of the RACF commands manipulate this field. Do not confuse this field with the GRBD_INSTALL_DATA field, shown in Table 1, which you enter into the database using the RDEFINE and RALTER commands.

Table 7. General Resource Installation Data Record. Defines the user-specified data associated with a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRINSTD_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resource Installation Data record (0506). |
| GRINSTD_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRINSTD_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRINSTD_USR_NAME | Char | 262 | 269 | The name of the installation-defined field. |
| GRINSTD_USR_DATA | Char | 271 | 525 | The data for the installation-defined field. |
| GRINSTD_USR_FLAG | Char | 527 | 534 | The flag for the installation-defined field in the form X<nn>. |

General resource conditional access record (0507)

The General Resource Conditional Access record defines the conditional access to a general resource. There is one record per general resource/access combination.

Table 8. General Resource Conditional Access Record. Defines the conditional access for a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRCACC_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources Conditional Access record (0507). |
| GRCACC_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCACC_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCACC_CATYPE | Char | 262 | 269 | The type of conditional access checking that is being performed. Valid values are CONSOLE, TERMINAL, JESINPUT, SYSID, APPCPORT, SERVAUTH, PROGRAM, and CRITERIA. |
| GRCACC_CANAME | Char | 271 | 278 | The name of a conditional access element which is permitted access. |
| GRCACC_AUTH_ID | Char | 280 | 287 | The user ID or group name which has authority to the general resource. |
| GRCACC_ACCESS | Char | 289 | 296 | The authority of the conditional access element/user combination. Valid values are NONE, READ, UPDATE, CONTROL, and ALTER. |
| GRCACC_ACCESS_CNT | Int | 298 | 302 | The number of times that the general resource was accessed. |
| GRCACC_NET_ID | Char | 304 | 311 | The network name when GRCACC_CATYPE is APPCPORT. |
| GRCACC_CACRITERIA | Char | 313 | 556 | Access criteria or SERVAUTH IP data. |

General resource filter data record (0508)

The General Resource Filter Data record defines the information used to create the filter described by this DIGTNMAP profile and identifies the associated user ID or criteria (DIGTCRIT) profile.

Table 9. General Resource Filter Data Record. Defines the certificate mapping information associated with a DIGTNMAP profile.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRFLTR_RECORD_TYPE | Int | 1 | 4 | Record Type of the Filter Data record (0508). |
| GRFLTR_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRFLTR_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRFLTR_LABEL | Char | 262 | 293 | The label associated with this filter. |
| GRFLTR_STATUS | Char | 295 | 302 | The status of this filter (TRUST) for filters that are trusted. |
| GRFLTR_USER | Char | 304 | 549 | The user ID or criteria profile name associated with this filter. |
| GRFLTR_CREATE_NAME | Char | 551 | 1061 | The issuer's or subject's name, or both, used to create this profile. |

General resource distributed identity mapping data record (0509)

The General Resource Distributed Identity Mapping Data record defines the information used to create the mapping described by this IDIDMAP class profile and identifies the associated user ID.

Table 10. General Resource Distributed Identity Mapping Record. Defines the mapping information described by this IDIDMAP class profile.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRDMAP_RECORD_TYPE | Int | 1 | 4 | Record Type of the General Resource Distributed Identity Mapping Data record (0509). |
| GRDMAP_NAME | Char | 6 | 251 | General resource name as taken from the profile name. Note: This value is stored in the RACF database in UTF-8 format. If possible, database unload changes this value to the EBCDIC format. If not possible, hexadecimal values are produced. |
| GRDMAP_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRDMAP_LABEL | Char | 262 | 293 | The label associated with this mapping. |
| GRDMAP_USER | Char | 295 | 302 | The RACF user ID associated with this mapping. |
| GRDMAP_DIDREG | Char | 304 | 558 | The registry name value associated with this mapping. Note: This value is stored in the RACF database in UTF-8 format. If possible, database unload changes this value to the EBCDIC format. If not possible, hexadecimal values are produced. |

General resource session data record (0510)

The General Resource Session Data record defines the session data associated with a general resource. There is one record per APPCLU profile.

Table 11. General Resource Session Data Record. Defines the session data associated with an APPCLU profile.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRSES_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources Session Data record (0510). |
| GRSES_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRSES_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely APPCLU. |
| GRSES_SESSION_KEY | Char | 262 | 269 | The key associated with the APPC session. |
| GRSES_LOCKED | Yes/No | 271 | 274 | Is the profile locked? |
| GRSES_KEY_DATE | Date | 276 | 285 | Last date that the session key was changed. |
| GRSES_KEY_INTERVAL | Int | 287 | 291 | Number of days that the key is valid. |
| GRSES_SLS_FAIL | Int | 293 | 297 | Current number of failed attempts. |
| GRSES_MAX_FAIL | Int | 299 | 303 | Number of failed attempts before lockout. |
| GRSES_CONVSEC | Char | 305 | 312 | Specifies the security checking performed when sessions are established. Valid values are NONE, CONVSEC, PERSISTV, ALREADYV, and AVPV. |

General resource session entities record (0511)

The General Resource Session Entities record defines the entities associated with a general resource APPCLU profile. There is one record per APPCLU profile/session entity combination.

Table 12. General Resource Session Entity Record. Defines the session entities data associated with a general resource APPCLU profile.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRSESE_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources Session Entities record (0511). |
| GRSESE_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRSESE_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely APPCLU. |
| GRSESE_ENTITY_NAME | Char | 262 | 296 | Entity name. |
| GRSESE_FAIL_CNT | Int | 298 | 302 | The number of failed session attempts. |

General resource DLF data record (0520)

The General Resource DLF Data record defines the Data Lookaside Facility (DLF) data associated with a general resource. There is one record per general resource/DLF data combination.

Table 13. General Resource DLF Data Record. Defines the DLF data associated with a general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRDLF_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources DLF Data record (0520). |
| GRDLF_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRDLF_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely DLFCLASS. |
| GRDLF_RETAIN | Yes/No | 262 | 265 | Is this a retained resource? |

General resource DLF job names record (0521)

The General Resource DLF Job Names record defines the job names associated with a DLF general resource. There is one record per general resource/DLF job name combination.

Table 14. General Resource DLF Job Names Record. Defines the DLF job name data about a DLF general resource.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRDLFJ_RECORD_TYPE | Int | 1 | 4 | Record type of the General Resources DLF Job Names record (0521). |
| GRDLFJ_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRDLFJ_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs, namely DLFCLASS. |
| GRDLFJ_JOB_NAME | Char | 262 | 269 | The job name associated with the general resource. |

General resource started task data record (0540)

The General Resource Started Task Data Record defines the information associated with the definition of a started task in the STARTED general resource class.

Table 15. General Resource Started Task Data Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRST_RECORD_TYPE | Int | 1 | 4 | Record type (0540). |
| GRST_NAME | Char | 6 | 251 | Profile name. |
| GRST_CLASS_NAME | Char | 253 | 260 | The class name, STARTED. |
| GRST_USER_ID | Char | 262 | 269 | User ID assigned. |
| GRST_GROUP_ID | Char | 271 | 278 | Group name assigned. |
| GRST_TRUSTED | Yes/No | 280 | 283 | Is process to run trusted? |
| GRST_PRIVILEGED | Yes/No | 285 | 288 | Is process to run privileged? |
| GRST_TRACE | Yes/No | 290 | 293 | Is entry to be traced? |
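
An added example (not IBM's code) showing how the fixed positions in the 0500, 0505 and 0540 tables on this page can drive an audit of an unload file: it flags a universal access above READ, the WARNING attribute, explicit ALTER permits, and started tasks that run trusted or privileged. It assumes the unload has already been converted to text with one record per line and that Yes/No fields hold YES or NO; the resource names, IDs and the `audit`, `parse_record` and `build_record` helpers are constructed for illustration.

```python
# Added example: audit RACF database unload records by fixed position.
# (start, end) pairs are the 1-based inclusive positions from the 0500, 0505
# and 0540 tables on this page; only the fields the checks need are listed.
LAYOUTS = {
    "0500": {
        "GRBD_NAME": (6, 251),
        "GRBD_CLASS_NAME": (253, 260),
        "GRBD_UACC": (337, 344),
        "GRBD_WARNING": (660, 663),
    },
    "0505": {
        "GRACC_NAME": (6, 251),
        "GRACC_CLASS_NAME": (253, 260),
        "GRACC_AUTH_ID": (262, 269),
        "GRACC_ACCESS": (271, 278),
    },
    "0540": {
        "GRST_NAME": (6, 251),
        "GRST_CLASS_NAME": (253, 260),
        "GRST_USER_ID": (262, 269),
        "GRST_TRUSTED": (280, 283),
        "GRST_PRIVILEGED": (285, 288),
    },
}

# RACF access authorities from lowest to highest.
ACCESS_RANK = {"NONE": 0, "EXECUTE": 1, "READ": 2, "UPDATE": 3, "CONTROL": 4, "ALTER": 5}


def parse_record(line):
    """Return (record_type, fields), or None for record types not in LAYOUTS."""
    rtype = line[0:4]
    layout = LAYOUTS.get(rtype)
    if layout is None:
        return None
    # A line whose trailing blanks were trimmed simply yields empty fields.
    fields = {name: line[start - 1:end].strip() for name, (start, end) in layout.items()}
    return rtype, fields


def is_yes(value):
    # Assumption: Yes/No fields are unloaded as the text YES or NO.
    return value.upper() == "YES"


def audit(lines, max_uacc="READ"):
    """Return a list of (finding, 'CLASS NAME', detail) tuples."""
    findings = []
    for line in lines:
        parsed = parse_record(line.rstrip("\r\n"))
        if parsed is None:
            continue
        rtype, f = parsed
        if rtype == "0500":
            res = f"{f['GRBD_CLASS_NAME']} {f['GRBD_NAME']}"
            # DIGTCERT profiles carry TRUST/NOTRUST/HIGHTRST here, not an access level.
            if f["GRBD_CLASS_NAME"] != "DIGTCERT":
                rank = ACCESS_RANK.get(f["GRBD_UACC"])
                if rank is None:
                    findings.append(("UACC_UNRECOGNIZED", res, f["GRBD_UACC"]))
                elif rank > ACCESS_RANK[max_uacc]:
                    findings.append(("UACC", res, f["GRBD_UACC"]))
            if is_yes(f["GRBD_WARNING"]):
                findings.append(("WARNING", res, "YES"))
        elif rtype == "0505":
            res = f"{f['GRACC_CLASS_NAME']} {f['GRACC_NAME']}"
            if f["GRACC_ACCESS"] == "ALTER":
                findings.append(("ALTER_PERMIT", res, f["GRACC_AUTH_ID"]))
        elif rtype == "0540":
            res = f"{f['GRST_CLASS_NAME']} {f['GRST_NAME']}"
            for flag in ("TRUSTED", "PRIVILEGED"):
                if is_yes(f[f"GRST_{flag}"]):
                    findings.append((flag, res, f["GRST_USER_ID"]))
    return findings


def build_record(rtype, values, width=1017):
    """Build a constructed sample line by placing values at the page's positions."""
    buf = [" "] * width
    buf[0:4] = rtype
    for name, value in values.items():
        start, end = LAYOUTS[rtype][name]
        assert len(value) <= end - start + 1, f"{name} too long"
        buf[start - 1:start - 1 + len(value)] = value
    return "".join(buf)


# Constructed sample records; none of these names come from a real system.
SAMPLE = [
    build_record("0500", {"GRBD_NAME": "EXAMPLE.RESOURCE.A", "GRBD_CLASS_NAME": "FACILITY",
                          "GRBD_UACC": "UPDATE", "GRBD_WARNING": "NO"}),
    build_record("0500", {"GRBD_NAME": "EXAMPLE.CERT.LABEL", "GRBD_CLASS_NAME": "DIGTCERT",
                          "GRBD_UACC": "TRUST", "GRBD_WARNING": "NO"}),
    build_record("0500", {"GRBD_NAME": "EXAMPLE.RESOURCE.B", "GRBD_CLASS_NAME": "FACILITY",
                          "GRBD_UACC": "NONE", "GRBD_WARNING": "YES"}),
    build_record("0505", {"GRACC_NAME": "EXAMPLE.RESOURCE.B", "GRACC_CLASS_NAME": "FACILITY",
                          "GRACC_AUTH_ID": "OPSGRP", "GRACC_ACCESS": "ALTER"}),
    build_record("0505", {"GRACC_NAME": "EXAMPLE.RESOURCE.A", "GRACC_CLASS_NAME": "FACILITY",
                          "GRACC_AUTH_ID": "USER01", "GRACC_ACCESS": "READ"}),
    build_record("0540", {"GRST_NAME": "EXAMPLE.*", "GRST_CLASS_NAME": "STARTED",
                          "GRST_USER_ID": "STCUSER", "GRST_TRUSTED": "YES",
                          "GRST_PRIVILEGED": "NO"}),
    build_record("0510", {}),  # a record type this audit does not look at
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```
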

General resource SystemView data record (0550)

The General Resource SystemView Data Record defines the information associated with the SYSMVIEW general resource class.

Table 16. General Resource SystemView Data Record. Defines the information associated with the SYSMVIEW general resource class.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRSV_RECORD_TYPE | Int | 1 | 4 | Record type (0550). |
| GRSV_NAME | Char | 6 | 251 | Profile name. |
| GRSV_CLASS_NAME | Char | 253 | 260 | Class name, SYSMVIEW. |
| GRSV_SCRIPT_NAME | Char | 262 | 269 | Logon script name for the application. |
| GRSV_PARM_NAME | Char | 271 | 278 | Parameter list name for the application. |

General resource certificate data record (0560)

The general resource certificate data record defines the information associated with the digital certificate.

Table 17. General Resource Certificate Data Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRCERT_RECORD_TYPE | Int | 1 | 4 | Record type of the Certificate Data record (0560). |
| GRCERT_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCERT_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCERT_START_DATE | Date | 262 | 271 | The date from which this certificate is valid. |
| GRCERT_START_TIME | Time | 273 | 280 | The time from which this certificate is valid. |
| GRCERT_END_DATE | Date | 282 | 291 | The date after which this certificate is no longer valid. |
| GRCERT_END_TIME | Time | 293 | 300 | The time after which this certificate is no longer valid. |
| GRCERT_KEY_TYPE | Char | 302 | 309 | The type of key associated with the certificate. Valid values: BPECC, BPECCTKN, BPECTKNT, DSA, ICSFTOKN, NTECC, NTECCTKN, NTECTKNT, PCICCTKN, PKCSDER, PUBTOKEN, RSATKNT, or all blanks indicating no private key. The value PUBTOKEN indicates that the public key (without the private key) is stored in ICSF. |
| GRCERT_KEY_SIZE | Int | 311 | 320 | The size of private key associated with the certificate, expressed in bits. |
| GRCERT_LAST_SERIAL | Char | 322 | 337 | The hexadecimal representation of the low-order eight bytes of the serial number of the last certificate signed with this key. |
| GRCERT_RING_SEQN | Int | 339 | 348 | A sequence number for certificates within the ring. |

General resource certificate references record (0561)

The general resource certificate references record identifies the key ring associated with the digital certificate.

Table 18. General Resource Certificate References Record. Identifies the key ring associated with the digital certificate.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| CERTR_RECORD_TYPE | Int | 1 | 4 | Record type of the Certificate References record (0561). |
| CERTR_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| CERTR_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| CERTR_RING_NAME | Char | 262 | 507 | The name of the profile which represents a key ring with which this certificate is associated. |

General resource key ring data record (0562)

The general resource key ring data record defines the information associated with the key ring.

Table 19. General Resource Key Ring Data Record. Defines the information associated with the key ring.

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| KEYR_RECORD_TYPE | Int | 1 | 4 | Record type of the Key Ring Data record (0562). |
| KEYR_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| KEYR_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| KEYR_CERT_NAME | Char | 262 | 507 | The name of the profile which contains the certificate which is in this key ring. |
| KEYR_CERT_USAGE | Char | 509 | 516 | The usage of the certificate within the ring. Valid values are PERSONAL, SITE, and CERTAUTH. |
| KEYR_CERT_DEFAULT | Yes/No | 518 | 521 | Is this certificate the default certificate within the ring? |
| KEYR_CERT_LABEL | Char | 523 | 554 | The label associated with the certificate. |

General resource TME data record (0570)

The General Resource TME data record identifies the parent ROLE profile from which this profile inherits attributes. There is one record per general resource profile/TME data combination.

Table 20. General Resource TME Data Record. General resource TME data record (0570)

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTME_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource TME data record (0570). |
| GRTME_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTME_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRTME_PARENT | Char | 262 | 507 | Parent role. |

General resource TME child record (0571)

The general resource TME child record identifies a ROLE profile which inherits attributes from this profile. There is one record per general resource/child combination.

Table 21. General Resource TME Child Record. General Resource TME Child Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTMEC_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource TME child record (0571). |
| GRTMEC_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTMEC_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRTMEC_CHILD | Char | 262 | 507 | Child role. |

General resource TME resource record (0572)

The general resource TME resource record identifies resources and access authorities for groups defined in the role. There is one record per general resource/resource combination.

Table 22. General Resource TME Resource Record. General Resource TME Resource Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTMER_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource TME resource record (0572). |
| GRTMER_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTMER_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRTMER_ORIGIN_ROLE | Char | 262 | 507 | Role profile from which resource access is inherited. |
| GRTMER_PROF_CLASS | Char | 509 | 516 | Class name of the origin-role resource. |
| GRTMER_PROF_NAME | Char | 518 | 763 | Resource name defined in the origin role. |
| GRTMER_ACCESS_AUTH | Char | 765 | 772 | Access permission to the resource. |
| GRTMER_COND_CLASS | Char | 774 | 781 | Class name for conditional access. |
| GRTMER_COND_PROF | Char | 783 | 1028 | Resource profile for conditional access. |

General resource TME group record (0573)

The general resource TME group record identifies groups that are permitted to resources in the role. There is one record per general resource/group combination.

Table 23. General Resource TME Group Record. General Resource TME Group Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTMEG_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource TME group record (0573). |
| GRTMEG_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTMEG_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRTMEG_GROUP | Char | 262 | 269 | Group name defined to the role. |

General resource TME role record (0574)

The general resource TME role record identifies ROLE profiles and access authorities referencing the general resource. There is one record per general resource/role combination.

Table 24. General Resource TME Role Record. General Resource TME Role Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRTMEE_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource TME role record (0574). |
| GRTMEE_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRTMEE_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRTMEE_ROLE_NAME | Char | 262 | 507 | Role profile name. |
| GRTMEE_ACCESS_AUTH | Char | 509 | 516 | Access permission to this resource as defined by the role. |
| GRTMEE_COND_CLASS | Char | 518 | 525 | Class name for conditional access. |
| GRTMEE_COND_PROF | Char | 527 | 772 | Resource profile for conditional access. |

General resource KERB data record (0580)

The general resource KERB Data record defines the Kerberos information for a realm. There is only one record per general resource profile that contains a KERB segment.

Table 25. General Resource KERB Data Record

| Field Name | Type | Position Start | Position End | Comments |
|---|---|---|---|---|
| GRKERB_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource KERB segment record (0580). |
| GRKERB_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRKERB_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRKERB_KERBNAME | Char | 262 | 501 | The Kerberos realm name. |
| GRKERB_MIN_LIFE | Int | 503 | 512 | Minimum ticket life. |
| GRKERB_MAX_LIFE | Int | 514 | 523 | Maximum ticket life. |
| GRKERB_DEF_LIFE | Int | 525 | 534 | Default ticket life. |
| GRKERB_KEY_VERS | Int | 536 | 538 | Current key version. |
| GRKERB_ENCRYPT_DES | Yes/No | 540 | 543 | Is key encryption using DES enabled? |
| GRKERB_ENCRYPT_DES3 | Yes/No | 545 | 548 | Is key encryption using DES3 enabled? |
| GRKERB_ENCRYPT_DESD | Yes/No | 550 | 553 | Is key encryption using DES with derivation enabled? |
| GRKERB_ENCRPT_A128 | Yes/No | 555 | 558 | Is key encryption using AES128 enabled? |
| GRKERB_ENCRPT_A256 | Yes/No | 560 | 563 | Is key encryption using AES256 enabled? |
| RESERVED | Char | 565 | 618 | Reserved for future use. |
| GRKERB_CHKADDRS | Yes/No | 620 | 623 | Should the Kerberos server check addresses in tickets? |
General resource PROXY record (0590)

The general resource PROXY record identifies default information related to the LDAP proxy for a general resource. There is only one record per general resource profile that contains a PROXY segment.

Table 26. General Resource PROXY Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRPROXY_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource PROXY record (0590). |
| GRPROXY_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRPROXY_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRPROXY_LDAP_HOST | Char | 262 | 1284 | LDAP server URL. |
| GRPROXY_BIND_DN | Char | 1286 | 2308 | LDAP BIND distinguished name. |

General resource EIM record (05A0)

The general resource EIM record defines EIM-related information. There is only one record per general resource profile that contains an EIM segment.

Table 27. General Resource EIM Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GREIM_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource EIM segment record (05A0). |
| GREIM_NAME | Char | 6 | 251 | Profile name. |
| GREIM_CLASS_NAME | Char | 253 | 260 | Class name. |
| GREIM_DOMAIN_DN | Char | 262 | 1284 | EIM domain name. |
| GREIM_ENABLE | Yes/No | 1286 | 1289 | EIM Enable option. |
| | Char | 1291 | 1364 | Reserved for IBM's use. |
| GREIM_LOCAL_REG | Char | 1366 | 1620 | EIM LDAP local registry name. |
| GREIM_KERBREG | Char | 1622 | 1876 | EIM Kerberos Registry Name |
| GREIM_X509REG | Char | 1878 | 2132 | EIM X.509 Registry name |

General resource alias data record (05B0)

Table 28. General Resource Alias Data Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRALIAS_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource ALIAS group record (05B0). |
| GRALIAS_NAME | Char | 6 | 251 | General resource name as taken from the profile. |
| GRALIAS_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs. |
| GRALIAS_IPLOOK | Int | 262 | 293 | IP lookup value in SERVAUTH class. |

General resource CDTINFO data record (05C0)

The general resource CDTINFO data record defines class descriptor table information. There is only one record per general resource profile that contains a CDTINFO segment.

Table 29. General Resource CDTINFO Data Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRCDT_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource CDTINFO data record (05C0). |
| GRCDT_NAME | Char | 6 | 251 | General resource name as taken from the profile. |
| GRCDT_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource belongs, namely CDT. |
| GRCDT_POSIT | Int | 262 | 271 | POSIT number for class. |
| GRCDT_MAXLENGTH | Int | 273 | 275 | Maximum length of profile names when using ENTITYX. |
| GRCDT_MAXLENX | Int | 277 | 286 | Maximum length of profile names when using ENTITYX. |
| GRCDT_DEFAULTRC | Int | 288 | 290 | Default return code. |
| GRCDT_KEYQUALIFIER | Int | 292 | 301 | Number of key qualifiers. |
| GRCDT_GROUP | Char | 303 | 310 | Resource grouping class name. |
| GRCDT_MEMBER | Char | 312 | 319 | Member class name. |
| GRCDT_FIRST_ALPHA | Yes/No | 321 | 324 | Is an alphabetic character allowed in the first character of a profile name? |
| GRCDT_FIRST_NATL | Yes/No | 326 | 329 | Is a national character allowed in the first character of a profile name? |
| GRCDT_FIRST_NUM | Yes/No | 331 | 334 | Is a numeric character allowed in the first character of a profile name? |
| GRCDT_FIRST_SPEC | Yes/No | 336 | 339 | Is a special character allowed in the first character of a profile name? |
| GRCDT_OTHER_ALPHA | Yes/No | 341 | 344 | Is an alphabetic character allowed in other characters of a profile name? |
| GRCDT_OTHER_NATL | Yes/No | 346 | 349 | Is a national character allowed in other characters of a profile name? |
| GRCDT_OTHER_NUM | Yes/No | 351 | 354 | Is a numeric character allowed in other characters of a profile name? |
| GRCDT_OTHER_SPEC | Yes/No | 356 | 359 | Is a special character allowed in other characters of a profile name? |
| GRCDT_OPER | Yes/No | 361 | 364 | Is OPERATIONS attribute to be considered? |
| GRCDT_DEFAULTUACC | Char | 366 | 373 | Default universal access. Valid values are ACEE, ALTER, CONTROL, UPDATE, READ, EXECUTE, NONE. |
| GRCDT_RACLIST | Char | 375 | 384 | RACLIST setting. Valid values are ALLOWED, DISALLOWED, REQUIRED. |
| GRCDT_GENLIST | Char | 386 | 395 | GENLIST setting. Valid values are ALLOWED, DISALLOWED. |
| GRCDT_PROF_ALLOW | Yes/No | 397 | 400 | Are profiles allowed in the class? |
| GRCDT_SECL_REQ | Yes/No | 402 | 405 | Are security labels required for the class when MLACTIVE is on? |
| GRCDT_MACPROCESS | Char | 407 | 414 | Type of mandatory access check processing. Valid values are EQUAL, NORMAL, REVERSE. |
| GRCDT_SIGNAL | Yes/No | 416 | 419 | Is ENF signal to be sent? |
| GRCDT_CASE | Char | 421 | 428 | Case of profile names. Valid values are ASIS, UPPER. |
| GRCDT_GENERIC | Char | 430 | 439 | GENERIC setting. Valid values are ALLOWED and DISALLOWED. |

General resource ICTX data record (05D0)

The General Resource ICTX record contains the configuration options used to control the behavior of the ICTX identity cache.

Table 30. General Resource ICTX Data Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRICTX_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource ICTX segment record (05D0). |
| GRICTX_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRICTX_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRICTX_USEMAP | Yes/No | 262 | 265 | Should the identity cache store an application provided identity mapping? |
| GRICTX_DOMAP | Yes/No | 267 | 270 | Should the identity cache determine and store the identity mapping? |
| GRICTX_MAPREQ | Yes/No | 272 | 275 | Is an identity mapping required? |
| GRICTX_MAP_TIMEOUT | Int | 277 | 281 | How long the identity cache should store an identity mapping. |

General Resource CFDEF Data record (05E0)

The General Resource CFDEF Data record (05E0) defines custom field information. There is one record per general resource profile that contains a CFDEF segment.

Table 31. General Resource CFDEF Data Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRCFDEF_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource CFDEF data record (05E0). |
| GRCFDEF_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCFDEF_CLASS | Char | 253 | 260 | Name of the class to which the general resource belongs, namely CFIELD. |
| GRCFDEF_TYPE | Char | 262 | 265 | Data type for the custom field. Valid values are CHAR, FLAG, HEX, NUM. |
| GRCFDEF_MAXLEN | Int | 267 | 276 | Maximum length of the custom field. |
| GRCFDEF_MAXVAL | Int | 278 | 287 | Maximum value of the custom field. |
| GRCFDEF_MINVAL | Int | 289 | 298 | Minimum value of the custom field. |
| GRCFDEF_FIRST | Char | 300 | 307 | Character restriction for the first character. Valid values are ALPHA, ALPHANUM, ANY, NONATABC, NONATNUM, NUMERIC. |
| GRCFDEF_OTHER | Char | 309 | 316 | Character restriction for other characters. Valid values are ALPHA, ALPHANUM, ANY, NONATABC, NONATNUM, NUMERIC. |
| GRCFDEF_MIXED | Yes/No | 318 | 321 | Is mixed case allowed in the field? |
| GRCFDEF_HELP | Char | 323 | 577 | Help text for the custom field. |
| GRCFDEF_LISTHEAD | Char | 579 | 618 | List heading for the custom field. |

General Resource SIGVER data record (05F0)

The General Resource SIGVER Data record (05F0) defines the settings that control program signature verification. There is one record per general resource profile that contains a SIGVER segment.

Table 32. General Resource SIGVER Data Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRSIG_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource SIGVER data record (05F0). |
| GRSIG_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRSIG_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRSIG_SIGREQUIRED | Yes/No | 262 | 265 | Signature required. |
| GRSIG_FAILLOAD | Char | 267 | 276 | Condition for which load should fail. Valid values are NEVER, BADSIGONLY, and ANYBAD. |
| GRSIG_AUDIT | Char | 278 | 287 | Condition for which RACF should audit. Valid values are NONE, ALL, SUCCESS, BADSIGONLY, and ANYBAD. |

General Resource ICSF record (05G0)

The General Resource ICSF record (05G0) defines the ICSF attributes associated with a general resource profile. There is one record per general resource/ICSF data combination.

Table 33. General Resource ICSF Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRCSF_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource ICSF record (05G0). |
| GRCSF_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCSF_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCSF_EXPORTABLE | Char | 262 | 273 | Is the symmetric key exportable? Valid values are: BYNONE, BYLIST, and BYANY. |
| GRCSF_USAGE | Char | 275 | 529 | Allowable uses of the asymmetric key. Valid values are: HANDSHAKE, NOHANDSHAKE, SECUREEXPORT, and NOSECUREEXPORT. |
| GRCSF_CPACF_WRAP | Yes/No | 531 | 533 | Specifies whether the encrypted symmetric key is eligible to be rewrapped by CP Assist for Cryptographic Function (CPACF). |

General Resource ICSF key label record (05G1)

The General Resource ICSF key label record (05G1) defines the PKDS key labels associated with an ICSF general resource. There is one record per general resource/ICSF key label combination.

Table 34. General Resource ICSF key label Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRCSFK_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource ICSF key label record (05G1). |
| GRCSFK_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCSFK_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCSFK_LABEL | Char | 262 | 325 | ICSF key label of a public key that can be used to export this symmetric key. |

General Resource ICSF certificate identifier record (05G2)

The General Resource ICSF certificate identifier record (05G2) defines the certificates associated with an ICSF general resource. There is one record per general resource/certificate combination.

Table 35. General Resource ICSF certificate identifier Record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| GRCSFC_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource ICSF certificate identifier record (05G2). |
| GRCSFC_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| GRCSFC_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| GRCSFC_LABEL | Char | 262 | 358 | Certificate identifier of a public key that can be used to export this symmetric key. |

General resource certificate information record (1560)

The general resource certificate information record (1560) defines additional information associated with the digital certificate.

Table 36. General resource certificate information record.

| Field Name | Type | Start position | End position | Comments |
|---|---|---|---|---|
| CERTN_RECORD_TYPE | Int | 1 | 4 | Record type of the general resource certificate information record (1560). |
| CERTN_NAME | Char | 6 | 251 | General resource name as taken from the profile name. |
| CERTN_CLASS_NAME | Char | 253 | 260 | Name of the class to which the general resource profile belongs. |
| CERTN_ISSUER_DN | Char | 262 | 1285 | Issuer's distinguished name. |
| CERTN_SUBJECT_DN | Char | 1287 | 2310 | Subject's distinguished name. |
| CERTN_SIG_ALG | Char | 2312 | 2327 | Certificate signature algorithm. Valid values are md2RSA, md5RSA, sha1RSA, sha1DSA, sha256RSA, sha224RSA, sha384RSA, sha512RSA, sha1ECDSA, sha256ECDSA, sha224ECDSA, sha384ECDSA, sha512ECDSA, and UNKNOWN. |

|
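
The fixed column positions in these tables are enough to slice unloaded records directly. The Python below is an added example, not part of the original documentation: it parses 0580, 05F0 and 1560 records using the positions given in Tables 25, 32 and 36 and reports settings under a review policy that is this example's own assumption (DES-family Kerberos keys enabled, SIGREQUIRED with FAILLOAD of NEVER, MD2/MD5/SHA-1 certificate signatures). The function names, the YES/NO spelling of flag values and the sample records are constructed for the example.

```python
# Columns from Tables 25, 32 and 36 above: (start, end), 1-based and inclusive.
COMMON = {"NAME": (6, 251), "CLASS": (253, 260)}
LAYOUTS = {
    "0580": {**COMMON, "ENCRYPT_DES": (540, 543), "ENCRYPT_DES3": (545, 548),
             "ENCRYPT_DESD": (550, 553), "ENCRPT_A256": (560, 563)},
    "05F0": {**COMMON, "SIGREQUIRED": (262, 265), "FAILLOAD": (267, 276)},
    "1560": {**COMMON, "SIG_ALG": (2312, 2327)},
}
# Review policy assumed for this example; the page itself states no policy.
WEAK_KERB = ("ENCRYPT_DES", "ENCRYPT_DES3", "ENCRYPT_DESD")
WEAK_SIG_ALGS = {"md2RSA", "md5RSA", "sha1RSA", "sha1DSA", "sha1ECDSA"}

def parse(line):
    """Slice one unloaded record into a dict; None for record types not listed."""
    layout = LAYOUTS.get(line[:4])
    if layout is None:
        return None
    fields = {n: line[s - 1:e].strip() for n, (s, e) in layout.items()}
    return {"TYPE": line[:4], **fields}   # short lines yield "" for missing fields

def review(lines):
    """Return (record type, profile name, finding) for settings worth a look."""
    findings = []
    for rec in filter(None, (parse(ln.rstrip("\n")) for ln in lines)):
        kind, name = rec["TYPE"], rec["NAME"]
        if kind == "0580":
            findings += [(kind, name, f + " enabled") for f in WEAK_KERB
                         if rec[f].upper() == "YES"]
        elif kind == "05F0":
            if rec["SIGREQUIRED"].upper() == "YES" and rec["FAILLOAD"] == "NEVER":
                findings.append((kind, name, "signature required, load never fails"))
        elif rec["SIG_ALG"] in WEAK_SIG_ALGS:
            findings.append((kind, name, "signed with " + rec["SIG_ALG"]))
    return findings

def build(rtype, **values):
    """Constructed sample record: put each value at its documented columns."""
    buf = list(rtype.ljust(max(e for _, e in LAYOUTS[rtype].values())))
    for field, value in values.items():
        s, e = LAYOUTS[rtype][field]
        buf[s - 1:e] = value.ljust(e - s + 1)
    return "".join(buf)

SAMPLE = [  # constructed records, not real unload output
    build("0580", NAME="REALM1", CLASS="REALM", ENCRYPT_DES="YES", ENCRPT_A256="YES"),
    build("05F0", NAME="SAMPLEPGM", CLASS="PROGRAM", SIGREQUIRED="YES", FAILLOAD="NEVER"),
    build("1560", NAME="CERT.A", CLASS="DIGTCERT", SIG_ALG="md5RSA"),
    build("1560", NAME="CERT.B", CLASS="DIGTCERT", SIG_ALG="sha256RSA"),
]
```

Calling `review(SAMPLE)` returns one finding per flagged record; against a real unload, pass the open file object instead of `SAMPLE`.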