In unloading the database, these rules were followed:
- Each repeat group has its own record type.
For example, the
repeat group representing the access list for data sets covered by
a profile is ACL2CNT (the field name in the template). There is a
data set access record (type 0404) created for each entry in the access
list.
- Flag fields that are not mutually exclusive values (for example,
8-bit flags where more than one bit could be on at once) are defined
as separate fields.
When this field is processed, it is unloaded
as a 4-character field, with the values YES and NO as
valid values. The field is left-justified.
- Flag fields that have mutually exclusive settings are unloaded
as 8-character fields with a value corresponding to each bit setting.
For
example, the UACC in a data set profile is a flag field in which each
bit position corresponds to a universal access. The utility translates
this single flag field into an 8-byte string with the value NONE, READ, UPDATE, CONTROL,
or ALTER. If the flag field contains a value which
is undefined, then the utility unloads the value as X<cc>,
where cc is the hexadecimal value of the flag field.
- Encrypted and reserved fields are not unloaded.
- A maximum of 255 bytes are unloaded, except for the following
fields:
Segment |
Field |
Bytes unloaded |
---|
PROXY |
LDAP_HOST |
1023 |
BIND_DN |
1023 |
EIM |
DOMAIN_DN |
1023 |
OMVS |
HOME_PATH |
1023 |
PROGRAM |
1023 |
OVM |
HOME_PATH |
1023 |
PROGRAM |
1023 |
FSROOT |
1023 |
DCE |
DCE_NAME |
1023 |
HOMECELL |
1023 |
CSDATA |
All fields |
Maximum available bytes are unloaded. |
- Fields for the installation's data, such as INSTDATA or the USRxx
fields, are unloaded without any decoding. The USRFLG field, however,
is treated as a hexadecimal value and is represented by X<cc>.
- A single byte with the value blank (X'40') is placed
between each field in the output record. This makes it easier to understand
the output file when it is viewed.
- Fields in the database which contain null data have blanks unloaded,
except for integer fields, which have a zero value unloaded. (Data
is treated as null if 'FF' is coded as the default value for a character
set in the base segment or if zeros are used in the character field
in any segment other than the base segment.)
- Fields are converted to a readable form without interpretation
of the current date or other information within the database.
For
example, a user who shows as revoked when listed by LISTUSER, does
not show as revoked with the raw UNLOAD data. If the revoked date
is past, LISTUSER processes the data and shows the user as ATTRIBUTES=REVOKED,
however the FLAG4 (USBD_REVOKE) bit in the unload data shows as NO.
Also,
a protected user might show as N/A in the LISTUSER field for PASS-INTERVAL=,
however the UNLOAD data might show a residual value in USBD_PWD_INTERVAL.
For
more information, see in z/OS Security Server RACF Security Administrator's Guide.