The following topics contain a detailed description of the records that are produced by the RACF SMF data unload utility. The output of the utility is a series of records that represents the security relevant SMF data that is the input to the utility. These records are in a format suitable for export to the relational data manager of an installation's choice.

In some cases, the input SMF record does not contain all of the data that are indicated in the output record mappings shown in the following sections. In these cases, IRRADU00 places blanks in the fields.

For the audit records created for RACF® commands, the exact order and format of the unloaded keywords and operands from the commands (contained within the fields whose names end with "_SPECIFIED", "_IGNORED", and "_FAILED,") are not part of the programming interface.

Furthermore, for RACF commands that allow segment fields to be specified (ADDUSER, ALTUSER, ADDGROUP, ALTGROUP, ADDSD, ALTDSD, RDEFINE, and RALTER), only the keywords that correspond to the base segment in the RACF database appear in the SMF unload fields whose names end with "_IGNORED" and "_FAILED". Keywords that correspond to segment fields in the RACF database, such as "TSO(ACCTNUM(1234))" or "SESSION(INTERVAL(20))" appear in fields whose names end with "_SPECIFIED", even if the segment keywords fail because of field level access checking.