z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Group template for the RACF database

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

The group template describes the fields of group profiles in the RACF® database.

NOT programming interface information
       

ACSCNT
FIELD

FLDCNT
FLDFLAG

FLDNAME
FLDVALUE

INITCNT
End of NOT programming interface information End of NOT programming interface information
End of NOT programming interface information
Note:
  1. Application developers should not depend on being able to use RACROUTE REQUEST=EXTRACT for the BASE segment fields on any security product other than RACF. These products are expected to support only such segments as DFP and TSO.
  2. The TME segment fields are intended to be updated by the Tivoli® applications, which manage updates, permissions, and cross-references among the fields. The TME fields should only be directly updated on an exception basis. See z/OS Security Server RACF Command Language Reference for formats of the field data as enforced by the RACF commands. Use caution when directly updating TME fields, as the updates might be overridden by subsequent actions of Tivoli applications.

The contents of the group template are as follows:

Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the BASE segment of the GROUP template.
GROUP 001 00 00 00000000 00    
ENTYPE 002 00 00 00000001 01 Int The number (1) corresponding to group profiles.
VERSION 003 00 00 00000001 01 Int The version field from the profile. Always X'01'.
SUPGROUP 004 00 80 00000008 FF Char The superior group to this group.
AUTHDATE 005 00 20 00000003 FF Date The date the group was created.
AUTHOR 006 00 80 00000008 FF Char The owner (user ID or group name) of the group.
INITCNT 007 00 00 00000002 FF   Reserved for IBM's use.
UACC 008 20 00 00000001 00 Bin The universal group authority. (The authority of a user to the group if the user is not connected to the group.)
Bit
Meaning when set
0
JOIN authority
1
CONNECT authority
2
CREATE authority
3
USE authority
4–7
Reserved for IBM's use
Note: This field has a value of X'00', except for the IBM-defined group VSAMDSET, where the value is X'20'.
NOTRMUAC 009 20 00 00000001 00 Bin If bit 0 is on, the user must be specifically authorized (by the PERMIT command) to use the terminal. If off, RACF uses the terminal's UACC.
INSTDATA 010 00 00 00000000 00 Char Installation data.
MODELNAM 011 00 00 00000000 00 Char Data set model profile name. The profile name begins with the second qualifier; the high-level qualifier is not stored.
FLDCNT 012 10 00 00000004 00   Reserved for IBM's use.
FLDNAME 013 80 00 00000008 00   Reserved for IBM's use.
FLDVALUE 014 80 00 00000000 00   Reserved for IBM's use.
FLDFLAG 015 A0 00 00000001 00   Reserved for IBM's use.
SUBGRPCT 016 10 00 00000004 00 Int The number of subgroups of the group.
SUBGRPNM 017 80 80 00000008 00 Char A list of the subgroup names.
ACLCNT 018 10 00 00000004 00 Int The number of users connected to the group.
USERID 019 80 00 00000008 00 Char The user ID of each user connected to the group.
USERACS 020 A0 00 00000001 00 Bin The group authority of each user connected to the group.
Bit
Meaning when set
0
JOIN authority
1
CONNECT authority
2
CREATE authority
3
USE authority
4–7
Reserved for IBM's use
ACSCNT 021 80 00 00000002 00   Reserved for IBM's use.
USRCNT 022 10 00 00000004 00 Int Reserved for installation use. See Note 1.
USRNM 023 80 00 00000008 00   Reserved for installation use. See Note 1.
USRDATA 024 80 00 00000000 00   Reserved for installation use. See Note 1.
USRFLG 025 A0 00 00000001 00   Reserved for installation use. See Note 1.
UNVFLG 026 20 00 00000001 00 Bin Identifies the group as having (bit 0 is on) or not having the UNIVERSAL attribute.

Note 1: Intended usage for these fields is to allow the installation to store additional data in this profile. USRNM should have a field name to use as a key to identify each unique occurrence of a row in the repeat group. USRDATA and USRFLG hold the data associated with that name. For more information, see "Example 5: Updating the installation fields", in Appendix A of z/OS Security Server RACF Macros and Interfaces.

Field name Field ID Flag 1 Flag 2 Combination field IDs Type  
The following are the COMBINATION fields of the GROUP template.
DEFDATE 000 40 00 005 000 000 000 000 Char Alias for AUTHDATE
CREADATE 000 40 00 005 000 000 000 000 Char Alias for AUTHDATE
OWNER 000 40 00 006 000 000 000 000 Char Alias for AUTHOR
FIELD 000 40 00 013 014 015 000 000   FLDNAME, FLDVALUE, and FLDFLAG
ACL 000 40 00 019 020 021 000 000   USERID, USERACS, and ACSCNT
USERDATA 000 40 00 023 024 025 000 000   USERNM, USERDATA, and USERFLG
Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the DFP segment of the GROUP template.
DFP 001 00 00 00000000 00   Start of segment
DATAAPPL 002 00 00 00000000 00 Char Data Application
DATACLAS 003 00 00 00000000 00 Char Data Class
MGMTCLAS 004 00 00 00000000 00 Char Management Class
STORCLAS 005 00 00 00000000 00 Char Storage Class
The following is the OMVS segment of the GROUP template.
OMVS 001 00 00 00000000 00   Start of segment
GID 002 00 10 00000004 FF Int GID
The following is the OVM segment of the GROUP template.
OVM 001 00 00 00000000 00   Start of segment
GID 002 00 00 00000004 FF Int GID
The following is the TME segment of the GROUP template.
TME 001 00 00 00000000 00   Start of segment fields
ROLEN 002 10 00 00000004 00 Int Count of roles
ROLES 003 80 00 00000000 00 Char Role names
The following is the CSDATA segment of the GROUP template.
CSDATA 001 00 00 0 0   Start of segment fields for custom fields
Note: Intended usage for these fields is dictated by your installation. See z/OS Security Server RACF Security Administrator's Guide for more information on custom fields.
CSCNT 002 10 00 4 00 Integer Count of custom fields
CSTYPE 003 80 00 1 01 Bin Custom field type:
  • 01 - character
  • 02 - numeric
  • 03 - flag
  • 04 - hex
CSKEY 004 80 00 00 00 Char Custom field keyword; maximum length = 8
CSVALUE 005 80 00 0 00 Char Custom field value
Field name Field ID Flag 1 Flag 2 Combination field IDs Type  
The following is a COMBINATION field of the CSDATA segment of the GROUP template.
CSCDATA 000 40 00 003 004 005 000 000 Char Combination field for custom fields
Parent topic: Format of field definitions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014