RACF® writes record type 80 for the following detected events:

- Unauthorized attempts to enter the system. For example, during RACF processing of a RACROUTE REQUEST=VERIFY macro instruction, RACF found that a RACF-defined user either (1) has supplied an invalid password, OIDCARD, or group name, (2) is not authorized access to the terminal, or (3) had insufficient security label authority.

  RACF always writes this violation record when it detects the unauthorized attempt; this violation record supplements the information that RACF sends to the security console in RACF message ICH408I.
- Authorized attempts to enter the system. RACF provides a RACROUTE REQUEST=VERIFY option to log successful signons and signoffs as well as ENVIR=CREATE or ENVIR=DELETE signons and signoffs. For the LOG keyword on the RACROUTE REQUEST=VERIFY macros, LOG=ALL or LOG=ASIS may be specified to control the generation of log records for RACROUTE REQUEST=VERIFY. The value of the LOG keyword is passed to both the RACROUTE REQUEST=VERIFY preprocessing and postprocessing installation exits. Both exits are invoked before the generation of a log record, and the LOG keyword value can be changed for both exits.
- Authorized accesses or unauthorized attempts to access RACF-protected resources. During RACF processing of a RACROUTE REQUEST=AUTH or REQUEST=DEFINE macro instruction, RACF found that one of the following events occurred:
  - The user was permitted access to a RACF-protected resource and allowed to perform the requested operation.
  - The user did not have sufficient access or group authority to access a RACF-protected resource, or supplied invalid data while attempting to perform an operation on a RACF-protected resource.

  In the first case, RACF writes the record if the ALL or SUCCESS logging option is set in the resource profile by the ADDSD, ALTDSD, RALTER, or RDEFINE command and the access type is within the scope of the valid access types. RACF also writes the record if logging has been unconditionally requested by a RACROUTE REQUEST=AUTH postprocessing exit routine.

  In the second case, RACF writes the violation record if the ALL or FAILURES logging option is set in the resource profile by the ADDSD, ALTDSD, RALTER, or RDEFINE command, or if logging is unconditionally requested by a RACROUTE REQUEST=AUTH postprocessing exit routine. The violation record supplements the information that RACF sends to the security console in RACF message ICH408I.

  Note that the FAILURES (READ) option is the default in cases where new resources are RACF-protected.

  For the preceding events, a RACROUTE REQUEST=AUTH exit routine can modify the logging options by changing the LOG parameter on a RACROUTE REQUEST=AUTH macro instruction from ASIS to NOFAIL, NONE, or NOSTAT, or by unconditionally requesting or suppressing logging with the logging control field. For information about the LOG parameter of a RACROUTE REQUEST=AUTH macro instruction, see z/OS Security Server RACROUTE Macro Reference. For information about the logging options of the ADDSD, ALTDSD, ALTUSER, RALTER, RDEFINE, and SETROPTS commands, see z/OS Security Server RACF Command Language Reference.
- Authorized or unauthorized attempts to modify profiles on a RACF database. During RACF command processing, RACF found that a user with the AUDITOR attribute specified that the following be logged:
  - All detected changes to a RACF database by RACF commands or a RACROUTE REQUEST=DEFINE
  - All RACF commands (except LISTDSD, LISTGRP, LISTUSER, RLIST, and SEARCH) issued by users with the SPECIAL attribute
  - All violations detected by RACF commands (except LISTGRP, LISTUSER, RLIST, and SEARCH)
  - Every RACROUTE REQUEST=AUTH and RACROUTE REQUEST=DEFINE issued for the user and all RACF commands (except LISTGRP, LISTUSER, RLIST and SEARCH) issued by the user

  In the first three cases, RACF writes records if a user with the AUDITOR attribute specified AUDIT, SAUDIT, and CMDVIOL, in that order, on the SETROPTS command. In the fourth case, RACF writes the records if a user with the AUDITOR attribute specified UAUDIT on the ALTUSER command.

You can use SMF records to:

- Track the total use of a sensitive resource (if the ALL option is set)
- Identify the resources that are repeated targets of detected unauthorized attempts to access them (if the ALL or FAILURES option is set)
- Identify the users who make detected unauthorized requests
- Track SPECIAL user activity
- Track activity of a particular user

In most cases, RACF writes one record for each event. (RACF can write two records for one operation on a resource, for example, when a RACF-protected DASD data set is deleted with scratch.)

Format of SMF type 80 records
SMF type 80 records contain the following information:
- The record type
- Time stamp (time and date)
- Processor identification
- Event code and qualifier (explained in Table of event codes and event code qualifiers)
- User identification
- Group name
- A count of the relocate sections
- Authorities used to successfully execute commands or access resources
- Reasons for logging
- Command processing error flag
- Foreground user terminal ID
- Foreground user terminal level number
- Job log number (job name, entry time, and date)
- RACF version, release,
and modification number
- Security label of user
The data in the relocate sections is explained in the following
tables:
The log record RACF creates
is a standard SMF record with the type 80 format. Table 1 describes the format of the type
80 record.
Table 1. Format of the SMF type 80 record

| Offset (Dec.) | Offset (Hex.) | Name | Length | Format | Description |
|---|---|---|---|---|---|
| 0 | 0 | SMF80LEN | 2 | Binary | Record length. |
| 2 | 2 | SMF80SEG | 2 | Binary | Segment descriptor. |
| 4 | 4 | SMF80FLG | 1 | Binary | System indicator. Bits (meaning when set): 0-2: Reserved for IBM's use; 3: MVS/ or 5; 4: MVS/; 5: MVS/; 6: VS2; 7: Reserved for IBM's use. Note: For MVS/, bits 3, 4, 5, and 6 will be on. |
| 5 | 5 | SMF80RTY | 1 | Binary | Record type: 80 (X'50'). |
| 6 | 6 | SMF80TME | 4 | Binary | Time of day, in hundredths of a second, that the record was moved to the SMF buffer. |
| 10 | A | SMF80DTE | 4 | packed | Date that the record was moved to the SMF buffer, in the form 0cyydddF (where F is the sign). |
| 14 | E | SMF80SID | 4 | EBCDIC | System identification (from the SID parameter). |
| 18 | 12 | SMF80DES | 2 | Binary | Descriptor flags. Bits (meaning when set): 0: The event is a violation; 1: User is not defined to RACF; 2: Record contains a version indicator (see SMF80VER); 3: The event is a warning; 4: Record contains a version, release, and modification level number (see SMF80VRM); 5-15: Reserved for IBM's use. |
| 20 | 14 | SMF80EVT | 1 | Binary | Event code. |
| 21 | 15 | SMF80EVQ | 1 | Binary | Event code qualifier. |
| 22 | 16 | SMF80USR | 8 | EBCDIC | Identifier of the user associated with this event (jobname is used if the user is not defined to RACF). |
| 30 | 1E | SMF80GRP | 8 | EBCDIC | Group to which the user was connected (stepname is used if the user is not defined to RACF). |
| 38 | 26 | SMF80REL | 2 | Binary | Offset to the first relocate section from SMF80FLG. |
| 40 | 28 | SMF80CNT | 2 | Binary | Count of the number of relocate sections. |
| 42 | 2A | SMF80ATH | 1 | Binary | Authorities used for processing commands or accessing resources. (See Note 1.) Bits (meaning when set): 0: Normal authority check (resource access); 1: SPECIAL attribute (command processing); 2: OPERATIONS attribute (resource access, command processing); 3: AUDITOR attribute (command processing); 4: Installation exit processing (resource access); 5: Failsoft processing (resource access); 6: Bypassed-user ID = *BYPASS* (resource access); 7: Trusted attribute (resource access). |
| 43 | 2B | SMF80REA | 1 | Binary | Reason for logging. These flags indicate the reason RACF produced the SMF record. (See Note 2.) Bits (meaning when set): 0: SETROPTS AUDIT(class) - changes to this class of profile are being audited; 1: User being audited; 2: SPECIAL or OPERATIONS user being audited (see Note 2); 3: Access to the resource is being audited due to the AUDIT option (specified when profile created or altered by a RACF command), a logging request from the RACROUTE REQUEST=AUTH exit routine, or because the operator granted access during failsoft processing; 4: RACROUTE REQUEST=VERIFY or initACEE failure; 5: This command is always audited; 6: Violation detected in command and CMDVIOL is in effect; 7: Access to entity being audited due to GLOBALAUDIT option. |
| 44 | 2C | SMF80TLV | 1 | Binary | Terminal level number of foreground user (zero if not available). |
| 45 | 2D | SMF80ERR | 1 | Binary | Command processing error flag. (See Note 3.) Bits (meaning when set): 0: Command had error and RACF could not back out some changes; 1: No profile updates were made because of error in RACF processing; 2-7: Reserved for IBM's use. |
| 46 | 2E | SMF80TRM | 8 | EBCDIC | Terminal ID of foreground user (zero if not available). |
| 54 | 36 | SMF80JBN | 8 | EBCDIC | Job name. For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be zero. |
| 62 | 3E | SMF80RST | 4 | Binary | Time, in hundredths of a second, that the reader recognized the JOB statement for this job. For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be zero. |
| 66 | 42 | SMF80RSD | 4 | packed | Date the reader recognized the JOB statement for this job, in the form 0cyydddF (where F is the sign). For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be zero. |
| 70 | 46 | SMF80UID | 8 | EBCDIC | User identification field from the SMF common exit parameter area. For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be zero. |
| 78 | 4E | SMF80VER | 1 | Binary | Version indicator (8 = Version 1, Release 8 or later). As of RACF 1.8.1, SMF80VRM is used instead. |
| 79 | 4F | SMF80RE2 | 1 | Binary | Additional reasons for logging. Bits (meaning when set): 0: Security level control for auditing; 1: VMEVENT Auditing; 2: Class being audited due to SETROPTS LOGOPTIONS; 3: Audited due to SETROPTS SECLABELAUDIT; 4: Entity audited due to SETROPTS COMPATMODE; 5: Audited due to SETROPTS APPLAUDIT; 6: Audited because user not defined to z/OS UNIX; 7: Audited because user does not have appropriate authority for z/OS UNIX. |
| 80 | 50 | SMF80VRM | 4 | EBCDIC | FMID for RACF. 2020: RACF 2.2 and OS/390 Security Server (RACF) V1 R2; 2030: OS/390 Security Server (RACF) V1 R3; 2040: OS/390 Security Server (RACF) V2 R4; 2060: OS/390 Security Server (RACF) V2 R6; 2608: OS/390 Security Server (RACF) V2 R8; 7703: OS/390 Security Server (RACF) V2 R10 and z/OS Security Server (RACF) V1 R1; 7705: z/OS Security Server (RACF) V1 R2; 7706: z/OS Security Server (RACF) V1 R3; 7707: z/OS Security Server (RACF) V1 R4; 7708: z/OS Security Server (RACF) V1 R5; 7709: z/OS Security Server (RACF) V1 R6; 7720: z/OS Security Server (RACF) V1 R7; 7730: z/OS Security Server (RACF) V1 R8; 7740: z/OS Security Server (RACF) V1 R9; 7750: z/OS Security Server (RACF) V1 R10; 7760: z/OS Security Server (RACF) V1 R11; 7770: z/OS Security Server (RACF) V1 R12; 7780: z/OS Security Server (RACF) V1 R13; 7790: z/OS Security Server (RACF) V2 R1. |
| 84 | 54 | SMF80SEC | 8 | EBCDIC | Security label of the user. |
| 92 | 5C | SMF80RL2 | 2 | Binary | Offset to extended-length relocate sections from SMF80FLG. |
| 94 | 5E | SMF80CT2 | 2 | Binary | Count of extended-length relocate sections. |
| 96 | 60 | SMF80AU2 | 1 | Binary | Authority used continued. Bits (meaning when set): 0: z/OS UNIX superuser; 1: z/OS UNIX system function; 2-7: Reserved for IBM's use. |
| 97 | 61 | SMF80RSV | 1 | Binary | Reserved for IBM's use |

Relocate section: See Table of relocate section variable data.

| Offset (Dec.) | Offset (Hex.) | Name | Length | Format | Description |
|---|---|---|---|---|---|
| 0 | 0 | SMF80DTP | 1 | Binary | Data type |
| 1 | 1 | SMF80DLN | 1 | Binary | Length of data that follows |
| 2 | 2 | SMF80DTA | 1-255 | mixed | Data |

Extended-length relocate section: See Table of extended-length relocate section variable data.

| Offset (Dec.) | Offset (Hex.) | Name | Length | Format | Description |
|---|---|---|---|---|---|
| 0 | 0 | SMF80TP2 | 2 | Binary | Data type |
| 2 | 2 | SMF80DL2 | 2 | Binary | Length of data that follows |
| 4 | 4 | SMF80DA2 | variable | EBCDIC | Data |

Note:

1. SMF80ATH: These flags indicate the authority checks made for the user who requested the action. The RACF commands use bits 0, 1, and 3; the RACF requests use bits 0, 2, and 4-7.
   - Bit 0 indicates that the user's authority to issue the command or SVC was determined by the checks for a user with the SPECIAL, OPERATIONS, or AUDITOR attribute. This bit indicates that the tests were made, not that the user passed the tests and has authority to issue the command. This bit is not set on if the user has the AUDITOR attribute and entered the command with only those operands that require the AUDITOR attribute.
   - Bit 1 indicates that the user has the SPECIAL attribute and used this authority to issue the command. If the user also has the AUDITOR attribute and entered the command with only those operands that require the AUDITOR attribute, this bit is not set on because the user did not use their authority as a user with the SPECIAL attribute.
   - Bit 2 is set by RACROUTE REQUEST=AUTH and RACROUTE REQUEST=DEFINE and indicates that the user has the OPERATIONS attribute and used this authority to obtain access to the resource.
   - Bit 3 indicates that the user has the AUDITOR attribute and used this authority to issue the command with operands that require the AUDITOR attribute.
   - Bit 4 indicates that the user has authority because the exit routine indicated that the request is to be accepted without any further authority checks.
   - Bit 5 indicates that resource access was granted by the operator during failsoft processing.
   - Bit 6 indicates that *BYPASS* was specified on the user ID field. Access was granted because RACF authority checking was bypassed.
   - Bit 7 indicates that the user has the trusted attribute.
2. SMF80REA: These flags indicate the reason RACF produced the SMF record.
   - Bit 0 is set when there are changes made to a profile in a class specified in the AUDIT operand of the SETROPTS command.
   - Bit 1 is set when a user with the AUDITOR attribute specifies the UAUDIT operand on the ALTUSER command for a user and the user has changed RACF profiles with a RACF command, or a RACROUTE REQUEST=AUTH or RACROUTE REQUEST=DEFINE has been issued for the user.
   - Bit 2 is set when a user with the AUDITOR attribute specifies the SAUDIT or OPERAUDIT operand on the SETROPTS command and a user with either the SPECIAL or OPERATIONS attribute has changed RACF profiles with a RACF command. To determine whether SPECIAL or OPERATIONS authority was used, see the flags in SMF80ATH. Bit 1 indicates SPECIAL. Bit 2 indicates OPERATIONS. Note that if a user has both the AUDITOR attribute and either the SPECIAL or OPERATIONS attribute when issuing a command with operands that require only the AUDITOR attribute, RACF does not log this activity because the SPECIAL or OPERATIONS authority is not used.
   - Bit 3 is set if:
     - The AUDIT option in the resource profile specifies that attempts to access the resource be logged.
     - The RACROUTE REQUEST=AUTH exit routine specifies unconditional logging.
     - The console operator grants the resource access during failsoft processing.
   - Bit 4 is set when the RACROUTE REQUEST=VERIFY fails to verify a user because of an invalid group, password, terminal, or OIDCARD, or initACEE fails because a certificate is not defined or is not trusted.
   - Bit 5 is set if the RVARY or SETROPTS command produced the SMF record. (The execution of these two commands always produces an SMF record.)
   - Bit 6 is set when a user with the AUDITOR attribute specifies logging of command violations (with the CMDVIOL operand on the SETROPTS command) and RACF detects a violation.
   - Bit 7 is set when attempts to access a RACF-protected resource are being logged, as requested by the GLOBALAUDIT option in the resource profile.
3. SMF80ERR: These flags indicate errors during command processing and the extent of the processing.

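Added example (not IBM's code): a Python decoder for the fixed part of a type 80 record as laid out in Table 1, which names the SMF80DES, SMF80ATH and SMF80REA bits and walks both kinds of relocate section with bounds checks so a malformed length cannot read past the record. It assumes an unspanned record that still carries its SMF80LEN/SMF80SEG prefix, EBCDIC code page 037, and the usual reading of the century digit (c=0 is 19yy, c=1 is 20yy); `parse_smf80`, `build_sample` and every sample value are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta

EBCDIC = "cp037"  # assumption: code page 037; use the code page of the writing system

# Fixed part of the record, offsets 0-97 of Table 1 (big-endian, no padding).
HDR = struct.Struct(">HHBBI4s4sHBB8s8sHHBBBB8s8sI4s8sBB4s8sHHBB")

# Bit names from Table 1. IBM numbers bits from the high-order end,
# so bit 0 of a one-byte field is X'80'.
DES_BITS = {0: "violation", 1: "user not defined to RACF", 2: "has SMF80VER",
            3: "warning", 4: "has SMF80VRM"}
ATH_BITS = {0: "normal authority check", 1: "SPECIAL", 2: "OPERATIONS",
            3: "AUDITOR", 4: "installation exit", 5: "failsoft",
            6: "*BYPASS*", 7: "trusted"}
REA_BITS = {0: "SETROPTS AUDIT(class)", 1: "user being audited",
            2: "SPECIAL or OPERATIONS user being audited",
            3: "resource AUDIT option, exit request or failsoft",
            4: "REQUEST=VERIFY or initACEE failure", 5: "command always audited",
            6: "CMDVIOL", 7: "GLOBALAUDIT"}


def flag_names(value, width, names):
    """Names of the bits set in `value`, a field `width` bits wide."""
    return [name for bit, name in names.items() if value & (1 << (width - 1 - bit))]


def smf_timestamp(packed, hundredths):
    """Combine a 0cyydddF packed date with a time in hundredths of a second."""
    digits = packed.hex()
    if not digits[:7].isdigit() or digits[7] != "f":
        raise ValueError("not a 0cyydddF packed date: " + digits)
    year = 1900 + 100 * int(digits[1]) + int(digits[2:4])  # c=0 -> 19yy, c=1 -> 20yy
    return datetime(year, 1, 1) + timedelta(days=int(digits[4:7]) - 1,
                                            seconds=hundredths / 100)


def relocate_sections(rec, start, count, head):
    """Walk `count` type/length/data sections from `start`, never past the record."""
    sections, pos = [], start
    for _ in range(count):
        if pos + head.size > len(rec):
            raise ValueError("relocate header at offset %d is outside the record" % pos)
        dtype, dlen = head.unpack_from(rec, pos)
        pos += head.size
        if pos + dlen > len(rec):
            raise ValueError("relocate type %d claims %d bytes past the end" % (dtype, dlen))
        sections.append((dtype, bytes(rec[pos:pos + dlen])))
        pos += dlen
    return sections


def parse_smf80(rec):
    """Decode one complete type 80 record (bytes, including SMF80LEN/SMF80SEG)."""
    if len(rec) < HDR.size:
        raise ValueError("record shorter than the 98-byte fixed part")
    (length, _seg, _flg, rty, tme, dte, sid, des, evt, evq, usr, grp, rel, cnt,
     ath, rea, _tlv, _err, trm, jbn, _rst, _rsd, _uid, _ver, _re2, vrm, sec,
     rl2, ct2, _au2, _rsv) = HDR.unpack_from(rec)
    if rty != 80 or length != len(rec):
        raise ValueError("not a complete type 80 record")

    def text(raw):
        return raw.decode(EBCDIC).rstrip(" \x00")

    return {
        "time": smf_timestamp(dte, tme), "system": text(sid),
        "event": evt, "qualifier": evq, "user": text(usr), "group": text(grp),
        "terminal": text(trm), "job": text(jbn), "fmid": text(vrm),
        "seclabel": text(sec),
        "descriptor": flag_names(des, 16, DES_BITS),
        "authority": flag_names(ath, 8, ATH_BITS),
        "reason": flag_names(rea, 8, REA_BITS),
        # SMF80REL and SMF80RL2 are offsets from SMF80FLG, which is at offset 4.
        "relocate": relocate_sections(rec, 4 + rel, cnt, struct.Struct(">BB")),
        "extended": relocate_sections(rec, 4 + rl2, ct2, struct.Struct(">HH")),
    }


def build_sample():
    """Constructed record: event 1, qualifier 1 (password not valid), with one
    relocate section of each kind. Payloads are dummies; their meaning comes from
    the relocate section tables, which this example does not interpret."""
    def e(s, n):
        return s.ljust(n).encode(EBCDIC)
    body = bytes([1, 8]) + e("CONSTRUC", 8)            # SMF80DTP, SMF80DLN, SMF80DTA
    ext = struct.pack(">HH", 331, 5) + e("DUMMY", 5)   # SMF80TP2, SMF80DL2, SMF80DA2
    total = HDR.size + len(body) + len(ext)
    fixed = HDR.pack(total, 0, 0x1E, 80, 3420000, bytes.fromhex("0124061f"),
                     e("SYSA", 4), 0x8800, 1, 1, e("JSMITH", 8), e("SYS1", 8),
                     HDR.size - 4, 1, 0x00, 0x08, 0, 0, e("TERM0001", 8), e("", 8),
                     0, bytes(4), e("", 8), 0, 0, e("7790", 4), e("", 8),
                     HDR.size - 4 + len(body), 1, 0, 0)
    return fixed + body + ext


if __name__ == "__main__":
    for key, value in parse_smf80(build_sample()).items():
        print(key, "=", value)
```
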
Table of event codes and event code qualifiers

This table describes the SMF80EVT (event code) and SMF80EVQ (event code qualifier) fields.

The event code qualifier is 0 if the recorded event is not a violation or a warning. There are exceptions for event code 1 (Job initiation/TSO logon/logoff); event qualifier codes 8, 12, 13 and 32 are not violations or warnings.

For event codes 8 through 25, an event code qualifier of 1 indicates one of the following:

- The command user is not RACF-defined.
- The command user is not authorized to change the requested profiles on the RACF database.
- The command user does not have sufficient authority for any of the operands on the command.

For event codes 8 through 25, an event code qualifier of 2 indicates that the command user does not have sufficient authority to specify some of the operands, but RACF performed the processing for the operands for which the user has sufficient authority.

Event code qualifiers of 3 and 4 apply to the ADDSD, ALTDSD, and DELDSD commands. They indicate whether the retrieval of the data set affected by the security label change was successful (3) or not (4).

For detailed descriptions of the SMF event code qualifiers, refer to Event code qualifier descriptions.

Event 1(1): JOB INITIATION / TSO LOGON/LOGOFF (detected by RACINIT request)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful Initiation | 1, 17, 20, 46, 47, 49, 53, 55, 331, 332, 374, 386, 392, 393, 394, 395, 424, 425 |
| 1(1) | Password not valid | |
| 2(2) | Group not valid | |
| 3(3) | OIDCARD not valid | |
| 4(4) | Terminal/console not valid | |
| 5(5) | Application not valid | |
| 6(6) | Revoked user attempting access | |
| 7(7) | User ID automatically revoked because of excessive password and password phrase attempts. | |
| 8(8) | Successful termination | |
| 9(9) | Undefined user ID | |
| 10(A) | Insufficient security label authority | |
| 11(B) | Not authorized to security label | |
| 12(C) | Successful RACINIT initiation | |
| 13(D) | Successful RACINIT delete | |
| 14(E) | System now requires more authority | |
| 15(F) | Remote job entry - job not authorized | |
| 16(10) | SURROGAT class is inactive | |
| 17(11) | Submitter is not authorized by user | |
| 18(12) | Submitter not authorized to security label | |
| 19(13) | User is not authorized to job | |
| 20(14) | WARNING - Insufficient security label authority | |
| 21(15) | WARNING - security label missing from user, job, or profile | |
| 22(16) | WARNING - not authorized to security label | |
| 23(17) | Security labels not compatible | |
| 24(18) | WARNING - security labels not compatible | |
| 25(19) | Current PASSWORD has expired | |
| 26(1A) | Invalid new PASSWORD | |
| 27(1B) | Verification failed by installation | |
| 28(1C) | Group access has been revoked | |
| 29(1D) | OIDCARD is required | |
| 30(1E) | Network job entry - job not authorized | |
| 31(1F) | Warning - unknown user from trusted node propagated | |
| 32(20) | Successful initiation using PassTicket | |
| 33(21) | Attempted replay of PassTicket | |
| 34(22) | Client security label not equivalent to server's | |
| 35(23) | User automatically revoked because of inactivity | |
| 36(24) | Password phrase is not valid | |
| 37(25) | New password phrase is not valid | |
| 38(26) | Current password phrase has expired | |
| 39(27) | No RACF user ID found for distributed identity | |

Event 2(2): RESOURCE ACCESS (detected by RACROUTE REQUEST=AUTH, RACROUTE REQUEST=FASTAUTH and DIRAUTH function)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful access | 1, 3, 4, 5, 15, 16, 17, 20, 33, 38, 46, 48, 49, 50, 51, 53, 54, 55, 64, 65, 66, 331, 332, 386, 390 (see Notes 1 and 2), 392, 393, 394, 395, 396 (see Note 3), 424, 425 |
| 1(1) | Insufficient authority | |
| 2(2) | Profile not found - RACFIND specified on macro | |
| 3(3) | Access permitted because of warning | |
| 4(4) | Failed because of PROTECTALL | |
| 5(5) | WARNING issued because of PROTECTALL | |
| 6(6) | Insufficient CATEGORY/SECLEVEL | |
| 7(7) | Insufficient security label authority | |
| 8(8) | WARNING - security label missing from job, user, or profile | |
| 9(9) | WARNING - insufficient security label authority | |
| 10(A) | WARNING - Data set not cataloged | |
| 11(B) | Data set not cataloged | |
| 12(C) | Profile not found - required for authority checking | |
| 13(D) | WARNING - insufficient CATEGORY/SECLEVEL | |
| 14(E) | WARNING - Non-MAIN execution environment detected while in ENHANCED PGMSECURITY mode. Conditional access or use of EXECUTE-controlled program temporarily allowed. | |
| 15(F) | Conditional access or use of EXECUTE-controlled program allowed through BASIC mode program while in ENHANCED PGMSECURITY mode. | |

Note 1: The SMF80DTP value 4 (access authority allowed) can be less than the SMF80DTP value 3 (access authority requested) in two cases:

- When RACF authorizes access to a user who requested access to a database because the user has the OPERATIONS attribute.
- When the RACROUTE REQUEST=AUTH exit routine returns a return code of 12, which indicates that the request should be granted.

Note 2: The SMF80DTP value of 16 appears only when the RACROUTE REQUEST=AUTH received an old volume (OLDVOL) as input. The value of 33 appears when a generic profile is used.

Note 3: Relocate 396 appears with event code qualifier 0. It appears only when access is granted because of the criteria entries on the conditional access list.

Event 3(3): ADDVOL/CHGVOL (detected by RACROUTE REQUEST=DEFINE TYPE=ADDVOL or CHGVOL)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful processing of new volume | 1, 4, 5, 15, 16, 17, 33, 38, 44, 46, 49, 53, 51, 55, 331, 332, 386 (see Note), 392, 393, 394, 395, 424, 425 |
| 1(1) | Insufficient authority (DATASET only) | |
| 2(2) | Insufficient security label authority | |
| 3(3) | Less specific profile exists with different security label | |

Note: The SMF80DTP value of 16 appears only when the RACROUTE REQUEST=AUTH received an old volume (OLDVOL) as input. The value of 33 appears when a generic profile is used.

Event 4(4): RENAME RESOURCE (detected by RACROUTE REQUEST=DEFINE with TYPE=DEFINE and NEWNAME specified)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful rename | 1, 2, 5, 15, 17, 33, 38, 44, 46, 49, 51, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
| 1(1) | Group not valid | |
| 2(2) | User not in group | |
| 3(3) | Insufficient authority | |
| 4(4) | Resource name already defined | |
| 5(5) | User not defined to RACF | |
| 6(6) | Resource not protected | |
| 7(7) | WARNING - resource not protected | |
| 8(8) | User in second qualifier is not RACF-defined | |
| 9(9) | Less specific profile exists with different security label | |
| 10(A) | Insufficient security label authority | |
| 11(B) | Resource not protected by security label | |
| 12(C) | New name not protected by security label | |
| 13(D) | New security label must dominate old security label | |
| 14(E) | Insufficient security label authority | |
| 15(F) | WARNING - resource not protected by security label | |
| 16(10) | WARNING - new name not protected by security label | |
| 17(11) | WARNING - new security label must dominate old security label | |

Note: In cases where the RACROUTE REQUEST=DEFINE is used to rename a resource (SMF80EVT=4), the data type 33 relocate section can hold a resource name that is either the old name or the new name, or it can hold the generic profile that protects the old or the new name.

Event 5(5): DELETE RESOURCE (detected by RACROUTE REQUEST=DEFINE, TYPE=DELETE or DELETE)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful scratch | 1, 5, 15, 17, 33, 38, 44, 46, 49, 51, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
| 1(1) | Resource not found | |
| 2(2) | Invalid volume identification (DATASET only) | |

Event 6(6): DELETE 1 VOLUME OF MULTIVOLUME RESOURCE (detected by RACROUTE REQUEST=DEFINE, TYPE=DELETE)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful deletion | 1, 5, 8, 15, 17, 38, 44, 46, 49, 51, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |

Event 7(7): DEFINE RESOURCE (detected by RACROUTE REQUEST=DEFINE, TYPE=DEFINE)

| Code Qualifier Dec(Hex) | Description | Relocate type sections (Possible SMF80DTP/ SMF80DA2 Values) |
|---|---|---|
| 0(0) | Successful definition | 1, 5, 15, 17, 18, 19, 33, 38, 44, 46, 49, 51, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
| 1(1) | Group undefined | |
| 2(2) | User not in group | |
| 3(3) | Insufficient authority | |
| 4(4) | Resource name already defined | |
| 5(5) | User not defined to RACF | |
| 6(6) | Resource not protected | |
| 7(7) | WARNING - resource not protected | |
| 8(8) | WARNING - security label missing from job, user, or profile | |
| 9(9) | WARNING - insufficient security label authority | |
| 10(A) | User in second qualifier is not RACF-defined | |
| 11(B) | Insufficient security label authority | |
| 12(C) | Less specific profile exists with a different security label | |

EVENT dec(hex) |
Command |
Code qualifier dec(hex) |
Description |
Relocate type sections (possible SMF80DTP/ SMF80DA2 values) |
---|
8( 8) |
ADDSD |
0( 0) |
No violations detected |
6, 7, 10, 13, 33,
38, 40, 44, 49, 50, 51, 53, 55, 62, 63, 331, 332, 386, 392, 393, 394,
395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
3( 3) |
Successful retrieval of data set names affected
by a security label change |
4( 4) |
Error during retrieval of data set names affected
by a security label change |
9( 9) |
ADDGROUP |
0( 0) |
No violations detected |
6, 7, 37, 38, 44,
49, 53, 55, 63, 301, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
10( A) |
ADDUSER |
0( 0) |
No violations detected |
6, 7, 8, 28, 37, 38,
40, 44, 49, 53, 55, 301, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
11( B) |
ALTDSD |
0( 0) |
No violations detected |
6, 7, 10, 11, 33,
38, 40, 41, 44, 49, 50, 51, 53, 55, 62, 63, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
3( 3) |
Successful retrieval of data set names affected
by a security label change |
4( 4) |
Error during retrieval of data set names affected
by a security label change |
12( C) |
ALTGROUP |
0( 0) |
No violations detected |
6, 7, 37, 38, 44,
49, 53, 55, 301, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
13( D) |
ALTUSER |
0( 0) |
No violations detected |
6, 7, 8, 28, 37, 38,
40, 41, 44, 49, 53, 55, 301, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
14( E) |
CONNECT |
0( 0) |
No violations detected |
6, 38, 49, 53, 55,
331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF |
2( 2) |
Keyword violations detected (partial update to RACF database) |
15( F) |
DELDSD |
0( 0) |
No violations detected |
6, 38, 49, 50, 51,
53, 55, 62, 63, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
3( 3) |
Successful retrieval of data set names affected
by a security label change |
4( 4) |
Error during retrieval of data set names affected
by a security label change |
16(10) |
DELGROUP |
0( 0) |
No violations detected |
6, 38, 44, 49, 53,
55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
17(11) |
DELUSER |
0( 0) |
No violations detected |
6, 38, 44, 49, 53,
55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
18(12) |
PASSWORD |
0( 0) |
No violations detected |
6, 38, 49, 53, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to
the RACF database) |
19(13) |
PERMIT |
0( 0) |
No violation detected |
6, 9, 12, 13, 14,
17, 26, 38, 39, 49, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Insufficient authority (partial update to RACF database) |
20(14) |
RALTER |
0( 0) |
No violations detected |
6, 7, 9, 10, 11, 17,
24, 25, 29, 33, 38, 40, 41, 44, 49, 50, 51, 53, 55, 301, 331, 332,
386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
21(15) |
RDEFINE |
0( 0) |
No violations detected |
6, 7, 9, 13, 17, 24,
29, 33, 38, 40, 44, 49, 50, 51, 53, 55, 301, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
22(16) |
RDELETE |
0( 0) |
No violations detected |
6, 9, 17, 38, 44,
49, 50, 51, 53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
23(17) |
REMOVE |
0( 0) |
No violations detected |
6, 17, 38, 49, 53,
55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
24(18) |
SETROPTS |
0( 0) |
No violations detected |
6, 21, 22, 23, 27,
32, 34, 35, 36, 42, 43, 44, 45, 49, 53, 55, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
25(19) |
RVARY |
0( 0) |
No violations detected |
6, 27, 30, 31, 49,
53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
2( 2) |
Keyword violations detected (partial update to RACF database) |
26(1A) |
APPC SESSION ESTABLISHMENT |
0( 0) |
Partner verification was successful |
1, 17, 33, 38, 49,
53, 55, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Session established without verification |
2( 2) |
Local LU key will expire in <= 5 days |
3( 3) |
Partner LU access has been revoked |
4( 4) |
Partner LU key does not match this LU key |
5( 5) |
Session terminated for security reason |
6( 6) |
Required SESSION KEY not defined |
7( 7) |
Possible security attack by partner LU |
8( 8) |
SESSION KEY not defined for partner LU |
9( 9) |
SESSION KEY not defined for this LU |
10( A) |
SNA security-related protocol error |
11( B) |
Profile change during verification |
12( C) |
Expired SESSION KEY |
27(1B) |
GENERAL |
0( 0) |
General purpose auditing |
17, 46, 49, 53, 55, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
28(1C) |
DIRECTORY SEARCH |
0( 0) |
Access allowed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265 266, 267, 268, 269,
270, 291, 295, 297, 298, 299, 307, 308, 309, 310, 315, 316, 317, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to search directory |
2( 2) |
Security label failure |
29(1D) |
CHECK ACCESS TO DIRECTORY |
0( 0) |
Access allowed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269,
270, 297, 298, 299, 307, 308, 309, 310, 315, 316, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Caller does not have requested access authority |
2( 2) |
Security label failure |
30(1E) |
CHECK ACCESS TO FILE |
0( 0) |
Access allowed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269,
270, 298, 299, 307, 308, 309, 310, 315, 316, 317, 331, 332, 386, 392,
393, 394, 395, 424, 425 |
1( 1) |
Caller does not have requested access authority |
2( 2) |
Security label failure |
31(1F) |
CHAUDIT |
0( 0) |
File's audit options changed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 292, 293, 294,
307, 308, 309, 310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Caller does not have authority to change user
audit options of specified file |
2( 2) |
Caller does not have authority to change auditor
audit options |
3( 3) |
Security label failure |
32(20) |
CHDIR |
0( 0) |
Current working directory changed |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 315, 316, 317, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as directory search event types |
33(21) |
CHMOD |
0( 0) |
File's mode changed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 263, 264, 265, 266, 289, 290, 296, 307,
308, 309, 310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Caller does not have authority to change mode
of specified file |
2( 2) |
Security label failure |
34(22) |
CHOWN |
0( 0) |
File's owner or group owner changed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 280, 281, 307,
308, 309, 310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Caller does not have authority to change owner
or group owner of specified file |
2( 2) |
Security label failure |
35(23) |
CLEAR SETID BITS FOR
FILE |
0( 0) |
S_ISUID, S_ISGID, and S_ISVTX bits
changed to zero (write) |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 289, 290, 317, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
|
No failure cases |
36(24) |
EXEC WITH SETUID/SETGID |
0( 0) |
Successful change of z/OS UNIX user identifiers
(UIDs) and z/OS UNIX group
identifiers (GIDs). |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 272, 273, 274, 275, 276, 277, 317, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
|
No failure cases. Access to program file is audited
via an internal open |
37(25) |
GETPSENT |
0( 0) |
Access allowed |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 282, 283, 284, 288, 317, 331, 332, 386, 392,
393, 394, 395, 424, 425 |
1( 1) |
Not authorized to access specified process |
38(26) |
INITIALIZE z/OS UNIX PROCESS (DUB) |
0( 0) |
z/OS UNIX process successfully
initiated |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
User not defined as a z/OS UNIX user (no user
profile or no OMVS segment) |
2( 2) |
User incompletely defined as a z/OS UNIX user (no z/OS UNIX user identifier
(UID) in user profile) |
3( 3) |
User's current group has no z/OS UNIX group identifier
(GID). |
39(27) |
z/OS UNIX PROCESS COMPLETION
(UNDUB) |
0( 0) |
Process completed |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
|
No failure cases |
40(28) |
KILL |
0( 0) |
Access allowed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 282, 283, 284, 288, 300, 317, 331,
332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to access specified process |
2( 2) |
Security label failure |
41(29) |
LINK |
0( 0) |
New link created |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 270, 299, 307, 308,
309, 310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
* |
Failures logged as directory search or check access
event types |
42(2A) |
MKDIR |
0( 0) |
Directory successfully created |
17, 49, 50, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 289, 290, 294,
296, 307, 308, 309, 310, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
* |
Failures logged as directory search or check access
event types |
43(2B) |
MKNOD |
0( 0) |
Node successfully created |
17, 49, 50, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 289, 290, 294,
296, 307, 308, 309, 310, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
* |
Failures logged as directory search or check access
event types |
44(2C) |
MOUNT FILE SYSTEM |
0( 0) |
Successful mount |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 295, 315, 316, 317,
331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as ck_priv event type |
45(2D) |
OPEN (NEW FILE) |
0( 0) |
File successfully created |
17, 49, 50, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 289, 290, 294,
296, 307, 308, 309, 310, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
* |
Failures logged as directory search or check access
event types |
46(2E) |
PTRACE |
0( 0) |
Access allowed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 282, 283, 284, 285, 286, 287, 288,
317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to access specified process |
2( 2) |
Security label failure |
47(2F) |
RENAME |
0( 0) |
Rename successful |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 270, 271, 278, 279,
294, 299, 302, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317,
331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as directory search or check access
event types |
48(30) |
RMDIR |
0( 0) |
Successful rmdir |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 307, 308, 309, 310,
315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as directory search or check access
event types |
49(31) |
SETEGID |
0( 0) |
Successful change of effective z/OS UNIX group identifier
(GID). |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 275, 276, 277, 281, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to setegid |
50(32) |
SETEUID |
0( 0) |
Successful change of effective z/OS UNIX user identifier
(UID). |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 272, 273, 274, 280, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to seteuid |
51(33) |
SETGID |
0( 0) |
Successful change of z/OS UNIX group identifiers
(GIDs). |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 275, 276, 277, 281, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to setgid |
52(34) |
SETUID |
0( 0) |
Successful change of z/OS UNIX user identifiers
(UIDs). |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 272, 273, 274, 280, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to setuid |
53(35) |
SYMLINK |
0( 0) |
Successful symlink |
17, 49, 50, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 297, 307, 308,
309, 310, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as directory search or check access
event types |
54(36) |
UNLINK |
0( 0) |
Successful unlink |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 302, 307, 308, 309,
310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as directory search or check access
event types |
55(37) |
UNMOUNT THE SYSTEM |
0( 0) |
Successful unmount |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 295, 315, 316, 317,
331, 332, 386, 392, 393, 394, 395, 424, 425 |
* |
Failures logged as ck_priv event type |
56(38) |
CHECK FILE OWNER |
0( 0) |
User is the owner |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 307, 308, 309,
310, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
User is not the owner |
2( 2) |
Security label failure |
57(39) |
CK_PRIV |
0( 0) |
User is authorized |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 315, 316, 317, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
User is not authorized to use requested function |
58(3A) |
OPEN SLAVE TTY |
0( 0) |
Access allowed |
17, 49, 53, 55, 256,
257, 258, 259, 260, 261, 262, 282, 283, 284, 288, 317, 331, 332, 386,
392, 393, 394, 395, 424, 425 |
1( 1) |
Not authorized to access specified process |
59(3B) |
RACLINK |
0( 0) |
Access allowed |
6, 49, 53, 331, 332,
386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority |
2( 2) |
Keyword violation detected |
3( 3) |
Association already defined |
4( 4) |
Association already approved |
5( 5) |
Association does not match |
6( 6) |
Association does not exist |
7( 7) |
Password not valid or user ID is revoked |
60(3C) |
CHECK IPC ACCESS |
0( 0) |
Access allowed |
17, 49, 51, 56, 256,
257, 258, 259, 260, 261, 262, 265, 266, 267, 268, 269, 303, 304, 305,
306, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Caller does not have proper access authority |
2( 2) |
Security label failure |
61(3D) |
IPCGET (MAKE ISP) |
0( 0) |
Successful creation of ISP |
17, 49, 51, 56, 256,
257, 258, 259, 260, 261, 262, 265, 266, 269, 303, 304, 305, 306, 317,
331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Security label failure |
62(3E) |
R_IPC control |
0( 0) |
Access allowed |
17, 49, 51, 56, 256,
257, 258, 259, 260, 261, 262, 265, 266, 280, 281, 289, 290, 291, 296,
303, 304, 305, 306, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Caller does not have proper authority. |
2( 2) |
Security label failure |
63(3F) |
SETGROUP |
0( 0) |
Access allowed |
17, 49, 53, 55, 256, 257, 258, 259,
260, 261, 262, 315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Not authorized to access specified process |
64(40) |
CHECK OWNER, TWO FILES |
0( 0) |
User is the owner |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 271, 278, 279,
315, 316, 317, 331, 332, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
User is not the owner |
2( 2) |
Security label failure |
65(41) |
R_AUDIT |
0( 0) |
Successful r_audit |
17, 49, 53, 55, 256, 257, 258, 259,
260, 261, 262, 263, 264, 317, 331, 332, 386, 392, 393, 394, 395, 424,
425 |
|
No failure case |
66(42) |
RACDCERT |
0( 0) |
No violation detected |
6, 49, 53, 318, 319, 320, 321, 322,
323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 336, 337, 338, 339,
386, 392, 393, 394, 395, 398, 399, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
67(43) |
INITACEE |
0( 0) |
Successful certificate registration |
49, 53, 318, 319,
331, 332, 374, 386, 392, 393, 394, 395, 424, 425 |
1( 1) |
Successful certificate deregistration |
2( 2) |
Not authorized to register the certificate |
3( 3) |
Not authorized to deregister the certificate |
4( 4) |
No user ID found for the certificate |
5( 5) |
The certificate is not trusted |
6( 6) |
Successful CERTAUTH certificate registration |
7( 7) |
Insufficient authority to register the CERTAUTH
certificate |
8( 8) |
Client security label not equivalent to server's |
9( 9) |
A SITE or CERTAUTH certificate was used to authenticate
a user |
10(A) |
No RACF user
ID found for distributed identity |
68(44) |
GRANT OF INITIAL KERBEROS
TICKET (reserved for use by Network Authentication Service) |
0( 0) |
Success |
333, 334, 335 |
1( 1) |
Failure |
69(45) |
R_PKIServ GENCERT |
0( 0) |
Successful GENCERT request |
46, 49, 53, 318, 319, 331, 332, 340,
341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 357, 358, 359,
373, 375, 376, 377, 378, 386, 388, 391, 392, 393, 394, 395, 422, 424, 425, 426, 427, 428 |
1( 1) |
Insufficient authority for GENCERT |
2( 2) |
Successful REQCERT request |
3( 3) |
Insufficient authority for REQCERT |
4( 4) |
Successful GENRENEW request |
5( 5) |
Insufficient authority for GENRENEW |
6( 6) |
Successful REQRENEW request |
7( 7) |
Insufficient authority for REQRENEW |
8( 8) |
Successful PREREGISTER request |
9( 9) |
Insufficient authority for PREREGISTER |
70(46) |
R_PKIServ EXPORT |
0( 0) |
Successful EXPORT request |
46, 49, 53, 331, 332, 343, 344, 351,
359, 386, 391, 392, 393, 394, 395, 421, 424, 425 |
1( 1) |
Insufficient authority for EXPORT |
2( 2) |
Incorrect pass phrase specified for EXPORT |
71(47) |
POLICY DIRECTOR ACCESS
CONTROL DECISION (reserved for use by Policy Director Authorization Services) |
0( 0) |
Authorized |
352, 353, 354, 355,
356, 372 |
1( 1) |
Not authorized but permitted because of warning
mode |
2( 2) |
Not authorized because of insufficient traverse
authority but permitted because of warning mode |
3( 3) |
Not authorized because of time-of-day check but
permitted because of warning mode |
4( 4) |
Not authorized |
5( 5) |
Not authorized because of insufficient traverse
authority |
6( 6) |
Not authorized because of time-of-day check |
72(48) |
R_PKIServ QUERY, DETAILS,
or VERIFY |
0( 0) |
Successful admin QUERY or DETAILS
request |
20, 46, 49, 53, 318, 319, 331, 332,
340, 341, 342, 346, 351, 358, 360, 361, 362, 363, 373, 375, 386, 391,
392, 393, 394, 395, 421, 422, 424, 425, 426, 429 |
1( 1) |
Insufficient authority for admin QUERY or DETAILS |
2( 2) |
Successful VERIFY request |
3( 3) |
Insufficient authority for VERIFY |
4( 4) |
Incorrect VERIFY certificate, no record found
for this certificate |
73(49) |
R_PKIServ UPDATEREQ |
0( 0) |
Successful admin UPDATEREQ request |
46, 49, 53, 331, 332, 340, 341, 342,
346, 347, 348, 349, 350, 351, 357, 364, 365, 375, 376, 377, 378, 386,
388, 391, 392, 393, 394, 395, 424, 425, 427,
428 |
1( 1) |
Insufficient authority for admin UPDATEREQ |
74(4A) |
R_PKIServ UPDATECERT
or REVOKE |
0( 0) |
Successful admin UPDATECERT request |
48, 49, 53, 318, 331, 332, 364, 365,
366, 386, 391, 392, 393, 394, 395, 423, 424, 425 |
1( 1) |
Insufficient authority for admin UPDATECERT |
2( 2) |
Successful REVOKE request |
3( 3) |
Insufficient authority for REVOKE |
75(4B) |
Change file ACL |
0( 0) |
ACL successfully changed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 307, 308, 309,
310, 315, 316, 317, 331, 332, 367, 368, 369, 370, 371, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Insufficient authority to change ACL |
2( 2) |
Security label failure |
76(4C) |
Remove file ACL |
0( 0) |
Entire ACL removed |
17, 49, 51, 53, 55,
256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 307, 308, 309,
310, 315, 316, 317, 331, 332, 367, 386, 392, 393, 394, 395, 424,
425 |
1( 1) |
Insufficient authority to remove ACL |
2( 2) |
Security label failure |
77(4D) |
Set file security label (R_setfsecl) |
0( 0) |
Security label change successful |
17, 49, 50, 51, 53, 256, 257, 258,
259, 260, 261, 262, 263, 264, 265, 266, 317, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Not authorized to change security label |
78(4E) |
Set write-down privilege (R_writepriv) |
0( 0) |
Requested function successful |
49, 53, 331, 332, 386, 392, 393,
394, 395, 424, 425 |
1( 1) |
Not authorized to IRR.WRITEDOWN.BYUSER |
79(4F) |
CRL publication |
0( 0) |
See z/OS Cryptographic Services PKI Services Guide and Reference. |
|
80(50) |
RPKIRESP |
0( 0) |
Successful RESPOND request |
46, 49, 53, 331, 332, 386, 389,
391, 392, 393, 394, 395, 424, 425 |
1( 1) |
Insufficient authority for RESPOND |
81(51) |
PassTicket evaluation |
0( 0) |
Success |
20, 48, 49, 53 |
1( 1) |
Failure |
82(52) |
PassTicket generation |
0( 0) |
Success |
20, 48, 49, 53 |
1( 1) |
Failure |
83(53) |
RPKISCEP |
0( 0) |
Successful AutoApprove PKCSReq request |
46, 49, 53, 318, 319, 331, 332,
340, 341, 342, 346, 347, 348, 349, 350, 351, 357, 358, 359, 373, 375,
386, 388, 391, 392, 393, 394, 395, 424, 425, 427, 428 |
1( 1) |
Successful AdminApprove PKCSReq request |
2( 2) |
Successful GetCertInitial request |
3( 3) |
Rejected PKCSReq or GetCertInitial request |
4( 4) |
Incorrect SCEP transaction ID specified for
GetCertInitial |
5( 5) |
Insufficient authority for SCEPREQ |
84(54) |
RDATAUPD |
0( 0) |
Successful NewRing |
49, 53, 318, 319, 320, 331, 332,
343, 344, 346, 386, 392, 393, 394, 395, 400, 401, 402, 403,
404, 405, 406, 407, 424, 425 |
1( 1) |
Not authorized to call NewRing |
2( 2) |
Successful DataPut |
3( 3) |
Not authorized to call DataPut |
4( 4) |
Successful DataRemove |
5( 5) |
Not authorized to call DataRemove |
6( 6) |
Successful DelRing |
7( 7) |
Not authorized to call DelRing |
85(55) |
PKIAURNW |
0( 0) |
Successful autoRenew |
318, 319, 341, 342, 346, 358, 363, 373, 391,
408 |
86(56) |
R_PgmSignVer |
0( 0) |
Successful signature verification |
1, 15, 46, 49, 53, 66,
331, 332, 386, 392, 393, 394, 395, 409, 410, 411, 412, 413, 414, 424,
425 |
1( 1) |
Signature appears valid but root CA certificate
not trusted |
2( 2) |
Module signature failed verification |
3( 3) |
Module certificate chain incorrect |
4( 4) |
Signature required but module not signed |
5( 5) |
Signature required but signature has been removed |
6( 6) |
Program verification module not loaded. Program
verification was not available when attempt was made to load this
program. |
7( 7) |
The algorithmic self-test failed while verifying
the program verification module. |
87(57) |
RACMAP |
0( 0) |
No violation detected |
6, 49, 53, 331, 332,
386, 392, 393, 394, 395, 415, 416, 424, 425 |
1( 1) |
Insufficient authority (no update to RACF database) |
88(58) |
AUTOPROF |
0( 0) |
Successful profile modification |
17, 49, 53, 55, 256, 257, 258,
259, 260, 261, 262, 317, 331, 332, 386, 392, 393, 394, 395, 417, 418,
419, 420, 424, 425 |
89(59) |
RPKIQREC |
0( 0) |
Successful user QRECOVER request |
20, 46, 49, 53, 318,
319, 331, 332, 341, 342, 346, 358, 386, 391, 392, 393, 394, 395, 421, 424,
425 |
1( 1) |
Insufficient authority for user QRECOVER |
Table of relocate section variable data
This table describes the variable data elements of the relocate
section.
Data type (SMF80DTP) dec(hex) |
Data length (SMF80DLN) |
Format |
Description (SMF80DTA) |
---|
1( 1) |
1-255 |
EBCDIC |
Resource name or old resource name (RACROUTE REQUEST=AUTH or
RACROUTE REQUEST=DEFINE) |
2( 2) |
1-255 |
EBCDIC |
New data set name (RACROUTE REQUEST=DEFINE) |
3( 3) |
1 |
Binary |
Access requested (see Note 1) |
4( 4) |
1 |
Binary |
Access allowed (see Note 2) |
5( 5) |
1 |
Binary |
Data set level number (00-99) |
6( 6) |
1-255 |
mixed |
RACF command-related
data (see Table of data type 6 command-related data) |
7( 7) |
1-255 |
EBCDIC |
DATA installation-defined data (ADDUSER, ALTUSER, RALTER, RDEFINE,
ADDGROUP, ALTGROUP, ADDSD, ALTDSD) |
8( 8) |
1-20 |
EBCDIC |
NAME user-name (ADDUSER, ALTUSER) |
9( 9) |
1-255 |
EBCDIC |
Resource name (PERMIT, RALTER, RDEFINE, RDELETE) |
10( A) |
7 |
EBCDIC |
Volume serial (ALTDSD ADDVOL, RALTER ADDVOL, ADDSD VOLUME).
When set on, bit 0 of the first byte indicates that the volume was
not processed. Bytes 2-7 contain the volume serial number. |
11( B) |
7 |
EBCDIC |
Volume serial (ALTDSD DELVOL, RALTER DELVOL). When set on,
bit 0 of the first byte indicates that the volume was not processed.
Bytes 2-7 contain the volume serial. |
12( C) |
9-243 |
|
1 to 27 ID names (PERMIT), each 9 bytes long |
Binary |
Byte 1: Processing flags (bit: meaning when set):
- 0: ID ignored because of processing error (see Note 3)
- 1-7: Reserved for IBM's use
|
EBCDIC |
Bytes 2-9: ID name |
13( D) |
1-255 |
EBCDIC |
FROM resource name (PERMIT, ADDSD, RDEFINE) |
14( E) |
12 |
EBCDIC |
VOLUME volume serial (6 bytes) followed by FVOLUME volume serial
(6 bytes) (PERMIT) |
15( F) |
6 |
EBCDIC |
VOLSER volume serial (RACROUTE REQUEST=AUTH or RACROUTE REQUEST=DEFINE) (Note
that when RACROUTE REQUEST=AUTH receives a DATASET profile as input,
the volume serial logged is the first volume serial contained in the
profiles list of volume serials.)
|
16(10) |
6 |
EBCDIC |
OLDVOL volume serial (RACROUTE REQUEST=AUTH or RACROUTE REQUEST=DEFINE) (Note
that when RACROUTE REQUEST=AUTH receives a DATASET profile as input,
the volume serial logged is the first volume serial contained in the
profiles list of volume serials.)
|
17(11) |
1-8 |
EBCDIC |
Class name (RACROUTE REQUEST=AUTH or RACROUTE REQUEST=DEFINE,
RDEFINE, RALTER, RDELETE, PERMIT, or VMXEVENT auditing). For z/OS UNIX, class controlling
auditing for the request. |
18(12) |
1-255 |
EBCDIC |
MENTITY model resource name (RACROUTE REQUEST=DEFINE) |
19(13) |
6 |
EBCDIC |
Volume serial of model resource (RACROUTE REQUEST=DEFINE) |
20(14) |
8 |
EBCDIC |
Application name (RACROUTE REQUEST=AUTH or RACROUTE REQUEST=DEFINE
processed) |
21(15) |
10 |
|
Current class options (set by SETROPTS or RACF initialization) |
binary |
Byte 1 (bit: meaning when set):
- 0: Statistics are in effect
- 1: Auditing is in effect
- 2: Protection is in effect
- 3: Generic profile processing is in effect
- 4: Generic command processing is in effect
- 5: Global access checking active
- 6: RACLIST option in effect
- 7: GENLIST option in effect
|
EBCDIC |
Bytes 2-9: Class name
Byte 10 (bit: meaning when set):
- 0: Reserved for IBM's use
- 1: LOGOPTIONS(ALWAYS) is in effect
- 2: LOGOPTIONS(NEVER) is in effect
- 3: LOGOPTIONS(SUCCESSES) is in effect
- 4: LOGOPTIONS(FAILURES) is in effect
- 5: LOGOPTIONS(DEFAULT) is in effect
- 6-7: Reserved for IBM's use
|
22(16) |
8 |
EBCDIC |
Class name from STATISTICS/NOSTATISTICS keyword (SETROPTS) |
23(17) |
8 |
EBCDIC |
Class name from AUDIT/NOAUDIT keyword (SETROPTS) |
24(18) |
2-247 |
EBCDIC |
Resource name from ADDMEM keyword (RDEFINE, RALTER)
Byte 1 (bit: meaning when set):
- 0: Resource name not processed
- 1: Resource name ignored because command user lacked sufficient authority to perform the operation
Bytes 2-247: Resource name
|
25(19) |
2-247 |
EBCDIC |
Resource name from DELMEM keyword (RALTER). Bit 0 of the first
byte, when set on, indicates that the resource name was not processed.
Bytes 2-247 contain the resource name. |
26(1A) |
8 |
EBCDIC |
Class name from FCLASS keyword (PERMIT) |
27(1B) |
8 |
EBCDIC |
Class name from CLASSACT/NOCLASSACT keyword (SETROPTS, RVARY) |
28(1C) |
9 |
mixed |
Class name from CLAUTH/NOCLAUTH keyword (ADDUSER, ALTUSER).
Bit 1 of the first byte, when set on, indicates that the class was
ignored because the command user did not have sufficient authority
to perform the operation. Bytes 2-9 contain the class name. |
29(1D) |
1-255 |
EBCDIC |
Application data (RDEFINE, RALTER) |
30(1E) |
12-55 |
mixed |
RACF database status (RVARY, RACF initialization)
Byte 1 (bit: meaning when set):
- 0: Database is active
- 1: Database is backup
- 2-7: Reserved for IBM's use
Bytes 2-4: Unit name
Bytes 5-10: Volume
Byte 11: Sequence number
Byte 12: 1-44 character data set name
|
31(1F) |
1-44 |
EBCDIC |
Data set name from DATASET operand (RVARY) |
32(20) |
89 |
mixed |
Byte: description
- 1: Password interval value
- 2: Password history value
- 3: User ID revoke value
- 4: Password warning level value
- 5-84: Password syntax rules value
- 85: User ID inactive interval
- 86-89: Indicators (bit: meaning when set):
  - 0: MODEL(GDG) in effect
  - 1: MODEL(USER) in effect
  - 2: MODEL(GROUP) in effect
  - 3: GRPLIST in effect
  - 4-31: Reserved for IBM's use
|
33(21) |
2-255 |
mixed |
Byte 1: Processing flags (bit: meaning when set):
- 0: 1=Resource name is generic; 0=Generic profile is used
- 1: 1=The old name of a data set renamed by RACROUTE REQUEST=DEFINE; 0=The new name of a data set renamed by RACROUTE REQUEST=DEFINE
- 2-7: Reserved for IBM's use
Bytes 2-254: Generic resource name or name of generic profile used
Note: This relocate section does not appear in the record when a generic profile was not used, for example when a user is granted access to his own JES spool files without using a profile, even though one exists.
|
34(22) |
8 |
EBCDIC |
Class name from GENERIC/NOGENERIC (SETROPTS) |
35(23) |
8 |
EBCDIC |
Class name from GENCMD/NOGENCMD (SETROPTS) |
36(24) |
8 |
EBCDIC |
Class name from GLOBAL/NOGLOBAL (SETROPTS) |
37(25) |
1-44 |
EBCDIC |
Model name |
38(26) |
8 |
EBCDIC |
User ID or group name that owns the profile (RACROUTE REQUEST=AUTH
and RACROUTE REQUEST=DEFINE and all the RACF commands
that produce log records, except SETROPTS and RVARY). During DEFINE
operations, this field contains the owner that the profile is defined
with; in all other operations, it contains the current owner. Thus,
for owner changes, it contains the old owner. |
39(27) |
4-255 |
|
Variable number of entity names (PERMIT), each
4 to 42 bytes long |
binary |
Bytes 1-2: Processing flags (bit: meaning when set):
- 0: Entity ignored because of processing error
- 1: PROGRAM class entity
- 2: CONSOLE class entity
- 3: TERMINAL class entity
- 4: JESINPUT class entity
- 5: APPCPORT class entity
- 6: SYSID entity
- 7: SERVAUTH class entity
- 8: CRITERIA entity
- 9-15: Reserved for IBM's use
Byte 3: Entity length
|
EBCDIC |
Bytes 4-end: Entity name |
40(28) |
2-45 |
|
Category name (ADDSD, ALTDSD, ADDUSER, ALTUSER,
RDEFINE, RALTER commands and RACROUTE REQUEST=DEFINE) to be added
to the profile, and organized as follows: |
binary |
Byte 1 (at offset 0): Processing flags (bit: meaning when set):
- 0: Category name ignored because of processing error
- 1-7: Reserved for IBM's use
|
EBCDIC |
Bytes 2-end (at offset 1): Category name added |
41(29) |
2-45 |
|
Category name (ALTDSD, ALTUSER, and RALTER commands)
to be deleted from the profile and organized as follows: |
binary |
Byte 1 (at offset 0): Processing flags (bit: meaning when set):
- 0: Category name ignored because of processing error
- 1-7: Reserved for IBM's use
|
EBCDIC |
Bytes 2-end (at offset 1): Category name deleted |
42(2A) |
8 |
EBCDIC |
Class name from SETROPTS RACLIST/NORACLIST |
43(2B) |
8 |
EBCDIC |
Class name from SETROPTS GENLIST/NOGENLIST |
44(2C) |
1-255 |
mixed |
Any segment data, except BASE
Byte 1 (bit: meaning when set):
- 0: Reserved for IBM's use
- 1: Delete the segment
- 2-7: Reserved for IBM's use
Bytes 2-9: Name of segment
Byte 10: Length of subkeyword
Variable length: The subkeyword specified
Variable length: The value associated with the subkeyword (limited to 245 minus length of subkeyword)
|
44(2C) |
1-255 |
mixed |
Directed command information (byte: description):
- 1: Bit string
- 2-9: Name of segment - CMDSRC
- 10: Length of subkeyword - 15
- 11-25: Subkeyword ORIGINATED_FROM
- Variable length: Contains one of the following:
  - node.userid.DIRECTED_BY_AT
  - node.userid.DIRECTED_BY_ONLYAT
  - node.userid.DIRECTED_AUTOMATICALLY
|
44(2C) |
1-255 |
mixed |
Directed application update information (byte: description):
- 1: Bit string
- 2-9: Name of segment - APPLSRC
- 10: Length of subkeyword - 15
- 11-25: Subkeyword ORIGINATED_FROM
- Variable length: node.userid.DIRECTED_AUTOMATICALLY
|
45(2D) |
9 |
|
Class and logging options from SETROPTS LOGOPTIONS |
EBCDIC |
Bytes 1-8: Class name |
mixed |
Byte 9 (bit: meaning when set):
- 0: ALWAYS
- 1: NEVER
- 2: SUCCESSES
- 3: FAILURES
- 4: DEFAULTS
- 5-7: Reserved for IBM's use
|
46(2E) |
1-255 |
EBCDIC |
Variable length string of data specified on LOGSTR= keyword
on RACROUTE macro |
47(2F) |
8 |
EBCDIC |
JOBNAME that user is not authorized to submit
for a JESJOBS job |
48(30) |
8 |
EBCDIC |
User ID to whom data is directed (RECVR= keyword on RACROUTE
macro) |
49(31) |
1-20 |
EBCDIC |
User name from ACEE |
50(32) |
8 |
EBCDIC |
Security label name (ADDSD, ALTDSD, ALTUSER, RDEFINE, and RALTER
commands, and the R_setfsecl, makeFSP and makeISP callable services)
to be added to the profile or security packet, or the user security
label for RACROUTE REQUEST=DIRAUTH |
51(33) |
8 |
EBCDIC |
Security label name (RACROUTE REQUEST=AUTH and DIRAUTH, ck_access,
ck_IPC_access, R_IPC_ctl, R_chmod, R_chown, R_audit, R_setfacl, ck_file_owner,
ck_owner_two_files, ck_process_owner, R_ptrace or VMXEVENT auditing)
of the resource, or security label name (ALTDSD, ALTUSER, RALTER commands
and the R_setfsecl callable service) to be deleted from the profile
or security packet. |
53(35) |
80 |
mixed |
User security token, see "RUTKN" in z/OS Security Server RACF Data Areas. |
54(36) |
80 |
mixed |
Resource security token (RACROUTE REQUEST=AUTH) see "RUTKN" in z/OS Security Server RACF Data Areas. |
55(37) |
8 |
Binary |
Key to link audit records together |
62(3E) |
1-44 |
EBCDIC |
Data set name affected by a security label change (used by
SMF type 83 records) |
63(3F) |
4 |
EBCDIC |
Link value to connect data sets affected by a security label
change with the RACF command
that caused the change |
64(40) |
4 |
EBCDIC |
Link value to connect client and server audit records. A link
value can appear for a client or server without a corresponding link
value if:
- The client has failed authorization
- Auditing is not performed for both users
|
65(41) |
1 |
Binary |
Flags that indicate ACEE type (bit: meaning when set):
- 0–4: Reserved for IBM's use
- 5: 1=Nested ACEE
- 6: 0=Reserved for IBM's use; 1=Server
- 7: 0=Unauthenticated client; 1=Authenticated client
|
66(42) |
44 |
EBCDIC |
Partitioned data set name |
Note:
1. The access flags are (bit: access authority):
   - 0: ALTER
   - 1: CONTROL
   - 2: UPDATE
   - 3: READ
   - 4: NONE
   - 5: Reserved for IBM's use
   - 6: WRITE (for REQUEST=DIRAUTH only)
   For RACROUTE REQUEST=DIRAUTH, bits 3 and 6 can both be on, indicating READWRITE authority.
2. The access flags for RACROUTE REQUEST=DIRAUTH are (bit: access type):
   - 0: Always on
   - 1: Mandatory access check
   - 2: Reverse mandatory access check
   - 3: Equal mandatory access check
   The access flags for other RACROUTE REQUEST types are (bit: access authority):
   - 0: ALTER
   - 1: CONTROL
   - 2: UPDATE
   - 3: READ
   - 4: NONE
   - 5: EXECUTE
   The access flags could all be off if a mandatory access check has failed.
3. This bit is turned on for each ID in the list (data type 12) and each program entity name in the list (data type 39) that was not processed because of a non-terminating error, such as user IDs (specified on the ID operand of the PERMIT command) that are not defined to RACF. If a terminating error, such as a RACF manager error, occurred while processing an ID or entity, this bit is turned on for all remaining IDs or entities that were not processed.
   For the PERMIT DELETE command, when no terminating error has occurred, this bit is turned ON only if no entry in the access list was deleted for the ID or entity.
|
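The relocate sections tabulated above are type/length/data triples, so the variable part of a record can be walked generically and each flag byte decoded per Notes 1 to 3. The following Python is an added example, not IBM code: it assumes a 1-byte SMF80DTP and a 1-byte SMF80DLN ahead of SMF80DTA, assumes code page 037 for EBCDIC text, uses hypothetical function names, and runs on constructed sample bytes.

```python
"""Walk SMF type 80 relocate sections and decode their flag bytes (added example)."""

# ASSUMPTION: each relocate section is a 1-byte data type (SMF80DTP), a 1-byte
# data length (SMF80DLN), then SMF80DLN bytes of data (SMF80DTA).
# ASSUMPTION: EBCDIC text is code page 037; swap in your installation's code page.
EBCDIC = "cp037"

# IBM numbers bits from the high-order end, so bit 0 of a byte is X'80'.
REQUESTED_BITS = {0: "ALTER", 1: "CONTROL", 2: "UPDATE", 3: "READ",
                  4: "NONE", 6: "WRITE"}                      # Note 1 (data type 3)
ALLOWED_BITS = {0: "ALTER", 1: "CONTROL", 2: "UPDATE", 3: "READ",
                4: "NONE", 5: "EXECUTE"}                      # Note 2, non-DIRAUTH
DIRAUTH_ALLOWED_BITS = {0: "ALWAYS_ON", 1: "MANDATORY", 2: "REVERSE_MANDATORY",
                        3: "EQUAL_MANDATORY"}                 # Note 2, DIRAUTH


def flags(byte, names):
    """Return the names of the bits set in `byte`, using IBM bit numbering."""
    return [name for n, name in sorted(names.items()) if byte & (0x80 >> n)]


def walk_relocates(buf):
    """Yield (data_type, data) pairs; raise ValueError on a truncated section."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated relocate header at offset {pos}")
        dtype, dlen = buf[pos], buf[pos + 1]
        data = buf[pos + 2:pos + 2 + dlen]
        if len(data) != dlen:
            raise ValueError(f"data type {dtype} at offset {pos}: "
                             f"length {dlen} runs past end of record")
        yield dtype, data
        pos += 2 + dlen


def decode_permit_ids(data):
    """Data type 12: 9-byte entries, a flag byte followed by an 8-byte ID name."""
    if not data or len(data) % 9:
        raise ValueError("data type 12 must be a non-empty multiple of 9 bytes")
    entries = []
    for off in range(0, len(data), 9):
        ignored = bool(data[off] & 0x80)   # bit 0: ID ignored (Note 3)
        name = data[off + 1:off + 9].decode(EBCDIC).rstrip()
        entries.append((name, ignored))
    return entries


def decode_relocates(buf, dirauth=False):
    """Decode the data types handled here; keep the rest as raw (type, bytes)."""
    out = {}
    for dtype, data in walk_relocates(buf):
        if dtype == 1:
            out["resource"] = data.decode(EBCDIC).rstrip()
        elif dtype == 17:
            out["class"] = data.decode(EBCDIC).rstrip()
        elif dtype == 3 and len(data) == 1:
            out["requested"] = flags(data[0], REQUESTED_BITS)
        elif dtype == 4 and len(data) == 1:
            table = DIRAUTH_ALLOWED_BITS if dirauth else ALLOWED_BITS
            # An empty list is legitimate: all bits are off when a mandatory
            # access check has failed.
            out["allowed"] = flags(data[0], table)
        elif dtype == 12:
            out["permit_ids"] = decode_permit_ids(data)
        else:
            out.setdefault("undecoded", []).append((dtype, data))
    return out


def tlv(dtype, data):
    """Build one relocate section (used only to construct the sample input)."""
    return bytes([dtype, len(data)]) + data


# Constructed sample input, not taken from a real SMF dump.
SAMPLE_AUTH = (tlv(1, "PAYROLL.MASTER.DATA".encode(EBCDIC))
               + tlv(3, b"\x20")                      # UPDATE requested
               + tlv(4, b"\x10")                      # READ allowed
               + tlv(17, "DATASET ".encode(EBCDIC)))
SAMPLE_PERMIT = tlv(12, b"\x00" + "USERA   ".encode(EBCDIC)
                    + b"\x80" + "NOSUCHID".encode(EBCDIC))

if __name__ == "__main__":
    print(decode_relocates(SAMPLE_AUTH))
    print(decode_relocates(SAMPLE_PERMIT))
```

Whether data type 4 is read with the DIRAUTH table depends on the request type of the record, which is not carried in the relocate section itself, so the caller passes it as `dirauth`.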
Table of extended-length
relocate section variable data
This
table describes the variable data elements of the extended-length
relocate section.
Data type (SMF80TP2) dec(hex) |
Data length (SMF80DL2) |
Format |
Audited
by event code |
Description (SMF80DA2) |
---|
256(100) |
2 |
Binary |
All |
Audit function code, indicating the calling
service. Refer
to the description of IRRPAFC in z/OS Security Server RACF Data Areas. |
257(101) |
4 |
Binary |
All |
Old real z/OS UNIX user
identifier (UID) |
258(102) |
4 |
Binary |
All |
Old effective z/OS UNIX user identifier
(UID) |
259(103) |
4 |
Binary |
All |
Old saved z/OS UNIX user
identifier (UID) |
260(104) |
4 |
Binary |
All |
Old real z/OS UNIX group
identifier (GID) |
261(105) |
4 |
Binary |
All |
Old effective z/OS UNIX group identifier
(GID) |
262(106) |
4 |
Binary |
All |
Old saved z/OS UNIX group
identifier (GID) |
263(107) |
1-1023 |
EBCDIC |
28,29,30,31,32, 33,34,35,41,42, 43,44,45,47,48,
53,54,55,56,64 |
Requested pathname (see also data type 299).
Note: For events 47 (rename) and 41 (link), this is the old pathname.
|
264(108) |
16 |
Binary |
28,29,30,31,32, 33,34,35,41,42, 43,44,45,47,48, 53,54,55,56,64 |
File identifier |
265(109) |
4 |
Binary |
28,29,30,31,32, 33,34,35,41,42, 43,44,45,47,48,
53,54,55,56,64 |
File owner z/OS UNIX user
identifier (UID) |
265(109) |
4 |
Binary |
60,61,62 |
IPC key owner z/OS UNIX user identifier
(UID) |
266(10A) |
4 |
Binary |
28,29,30,31,32, 33,34,35,41,42, 43,44,45,47,48, 53,54,55,56,64 |
File owner z/OS UNIX group
identifier (GID) |
266(10A) |
4 |
Binary |
60,61,62 |
IPC key owner z/OS UNIX group identifier
(GID) |
267(10B) |
1 |
Binary |
28,29,30 |
Requested access (value: meaning):
- X'04': Read access
- X'02': Write access
- X'01': Execute access
- X'81': Directory search access
- X'87': Any access
Multiple bits may be set.
|
267(10B) |
1 |
Binary |
60 |
IPC requested access (value: meaning):
- X'00': No access
- X'02': Write access
- X'04': Read access
- X'06': Read and write access
|
268(10C) |
1 |
Binary |
28, 29, 30, 60 |
Access type (bits used to make access check) (value: meaning):
- 1: 'owner' bits
- 2: 'group' bits
- 3: 'other' bits
- 4: no bits used
- 5: UID ACL entry
- 6: GID ACL entry or entries
- 7: ACL exists but could not be retrieved
- 8: A restricted user ID was denied access because it was not the file owner and was not explicitly permitted to the file
The access type value could be 0 if a mandatory access check has failed.
|
269(10D) |
1 |
Binary |
28,29,30 |
Access allowed (value: meaning):
- X'04': Read access
- X'02': Write access
- X'01': execute/search
Multiple bits can be set.
|
269(10D) |
1 |
Binary |
60 |
IPC access allowed (value: meaning):
- X'02': Write access
- X'04': Read access
Multiple bits can be set.
|
270(10E) |
1-1023 |
EBCDIC |
28,29,30,41,47 |
Second requested
pathname (see also data type 299) Note: For
events 47 (rename) and 41 (link), this is the new pathname.
|
271(10F) |
16 |
Binary |
47,64 |
Second file identifier |
272(110) |
4 |
Binary |
36,50,52 |
New real z/OS UNIX user
identifier (UID) |
273(111) |
4 |
Binary |
36,50,52 |
New effective z/OS UNIX user identifier
(UID) |
274(112) |
4 |
Binary |
36,50,52 |
New saved z/OS UNIX user
identifier (UID) |
275(113) |
4 |
Binary |
36,49,51 |
New real z/OS UNIX group
identifier (GID) |
276(114) |
4 |
Binary |
36,49,51 |
New effective z/OS UNIX group identifier
(GID) |
277(115) |
4 |
Binary |
36,49,51 |
New saved z/OS UNIX group
identifier (GID) |
278(116) |
4 |
Binary |
47 |
Owner z/OS UNIX user
identifier (UID) of deleted file |
278(116) |
4 |
Binary |
64 |
Second
file owner z/OS UNIX user
identifier
(UID) |
279(117) |
4 |
Binary |
47 |
Owner z/OS UNIX group
identifier (GID) of deleted file |
279(117) |
4 |
Binary |
64 |
Second
file owner z/OS UNIX group
identifier
(GID) |
280(118) |
4 |
Binary |
34,50,52 |
z/OS UNIX user
identifier (UID) input parameter |
280(118) |
4 |
Binary |
62 |
IPC owner z/OS UNIX user
identifier (UID) input parameter |
281(119) |
4 |
Binary |
34,49,51 |
z/OS UNIX group
identifier (GID) input parameter |
281(119) |
4 |
Binary |
62 |
IPC owner z/OS UNIX group
identifier (GID) input parameter |
282(11A) |
4 |
Binary |
37,40,46,58 |
Target
real z/OS UNIX user
identifier (UID) |
283(11B) |
4 |
Binary |
37,40,46,58 |
Target effective z/OS UNIX user identifier
(UID) |
284(11C) |
4 |
Binary |
37,40,46,58 |
Target saved z/OS UNIX user
identifier (UID) |
285(11D) |
4 |
Binary |
46 |
Target real z/OS UNIX group
identifier (GID) |
286(11E) |
4 |
Binary |
46 |
Target effective z/OS UNIX group identifier
(GID) |
287(11F) |
4 |
Binary |
46 |
Target saved z/OS UNIX group
identifier (GID) |
288(120) |
4 |
Binary |
37,40,46,58 |
Target PID |
289(121) |
4 |
Binary |
33,35 |
Old mode (bit: meaning):
- 0-19: Reserved for IBM's use
- 20: S_ISGID bit
- 21: S_ISUID bit
- 22: S_ISVTX bit
- 23-25: Owner permission bits (read/write/execute)
- 26-28: Group permission bits (read/write/execute)
- 29-31: Other permission bits (read/write/execute)
|
289(121) |
4 |
Binary |
62 |
IPC old mode - Bit
- Meaning
- 0-22
- Reserved for IBM's use
- 23-25
- Owner permission bits (RW-)
- 26-28
- Group permission bits (RW-)
- 29-31
- Other permission bits (RW-)
|
290(122) |
4 |
Binary |
33,35,42,43,45 |
New mode (bit: meaning):
- 0-19: Reserved for IBM's use
- 20: S_ISGID bit
- 21: S_ISUID bit
- 22: S_ISVTX bit
- 23-25: Owner permission bits (read/write/execute)
- 26-28: Group permission bits (read/write/execute)
- 29-31: Other permission bits (read/write/execute)
|
290(122) |
4 |
Binary |
62 |
IPC new mode - Bit
- Meaning
- 0-22
- Reserved for IBM's use
- 23-25
- Owner permission bits (RW-)
- 26-28
- Group permission bits (RW-)
- 29-31
- Other permission bits (RW-)
|
291(123) |
2 |
Binary |
28 |
Service that was being processed. Used when
data type 256 indicates
that the calling service was lookup (pathname resolution). |
291(123) |
2 |
Binary |
62 |
Service that was being processed. Used when data type 256 indicates
that the calling service was to remove an ID, set, or setmqb. |
292(124) |
4 |
Binary |
31 |
Requested audit options (byte: meaning):
- 1: Read access audit options
- 2: Write access audit options
- 3: execute/search audit options
- 4: Reserved for IBM's use
In each byte, the following flags are defined (value: meaning):
- X'00': Don't audit any access attempts
- X'01': Audit successful accesses
- X'02': Audit failed access attempts
- X'03': Audit both successful and failed access attempts
|
293(125) |
8 |
Binary |
31 |
Old audit options (user and auditor) (byte: meaning):
- 1: User read access audit options
- 2: User write access audit options
- 3: User execute/search audit options
- 4: Reserved for IBM's use
- 5: Auditor read access audit options
- 6: Auditor write access audit options
- 7: Auditor execute/search audit options
- 8: Reserved for IBM's use
In each byte, the following flags are defined (value: meaning):
- X'00': Do not audit any access attempts
- X'01': Audit successful accesses
- X'02': Audit failed access attempts
- X'03': Audit both successful and failed access attempts
|
294(126) |
8 |
Binary |
31 |
New audit options (user and auditor) (byte: meaning):
- 1: User read access audit options
- 2: User write access audit options
- 3: User execute/search audit options
- 4: Reserved for IBM's use
- 5: Auditor read access audit options
- 6: Auditor write access audit options
- 7: Auditor execute/search audit options
- 8: Reserved for IBM's use
In each byte, the following flags are defined (value: meaning):
- X'00': Do not audit any access attempts
- X'01': Audit successful accesses
- X'02': Audit failed access attempts
- X'03': Audit both successful and failed access attempts
|
295(127) |
1-44 |
EBCDIC |
28,44,55 |
Data set name for mounted file system |
296(128) |
4 |
Binary |
33,42,43,45 |
Requested file mode (bit: meaning):
- 0-19: Reserved for IBM's use
- 20: S_ISGID bit
- 21: S_ISUID bit
- 22: S_ISVTX bit
- 23-25: Owner permission bits (read/write/execute)
- 26-28: Group permission bits (read/write/execute)
- 29-31: Other permission bits (read/write/execute)
|
296(128) |
4 |
Binary |
61,62 |
IPC requested ISP mode (bit: meaning):
- 0-22: Reserved for IBM's use
- 23-25: Owner permission bits (RW-)
- 26-28: Group permission bits (RW-)
- 29-31: Other permission bits (RW-)
|
297(129) |
1-1023 |
EBCDIC |
28,29,53 |
Content
of symlink |
298(12A) |
1-256 |
EBCDIC |
28,29,30 |
File name being
checked |
299(12B) |
1 |
Binary |
28,29,30, 41,47 |
Flag indicating whether the requested pathname is the old (or only) pathname or the new pathname. This field is X'01' except for ck_access events where authority to a new name is being checked. The second pathname contains the new name specified. (value: meaning)
- X'01': Old (or only) pathname
- X'02': New pathname
|
300(12C) |
4 |
Binary |
40 |
Kill
signal code |
301(12D) |
variable |
EBCDIC |
9,10,12,13 |
Command segment data
Bytes 1-2 (bit: meaning when set):
- 0: Keyword was ignored because of insufficient authority
- 1: Segment is to be deleted, via a NOxxx keyword
- 2-3: Data format
  - 01: Numeric
  - 10: Hex
  - 11: Undefined
- 4: Keyword has no subfield
- 5-15: Reserved for IBM's use
Bytes 3-10: Name of segment (main keyword)
Byte 11: Length of subkeyword; 0 if byte 1 bit 1 is set
Variable length: The subkeyword specified; null if byte 1 bit 1 is set
2 bytes: Length of data
Variable length: The data as entered on the command
|
302(12E) |
1 |
Binary |
47,54 |
Last link deleted
flag - Value
- Meaning
- X'00'
- Last link was not deleted
- X'01'
- Last link was deleted.
|
303(12F) |
4 |
Binary |
60,61,62 |
IPC key |
304(130) |
4 |
Binary |
60,61,62 |
IPC ID |
305(131) |
4 |
Binary |
60,61,62 |
IPC key creator z/OS UNIX user identifier
(UID) |
306(132) |
4 |
Binary |
60,61,62 |
IPC key creator z/OS UNIX group identifier
(GID) |
307(133) |
8 |
EBCDIC |
28,29,30,31,33, 34,41,42,43,45, 47,48,53,54,56 |
Filepool
name |
308(134) |
8 |
EBCDIC |
28,29,30,31,33, 34,41,42,43,45, 47,48,53,54,56 |
Filespace
name |
309(135) |
4 |
Binary |
28,29,30,31,33, 34,41,42,43,45, 47,48,53,54,56 |
Inode
(file serial number) |
310(136) |
4 |
Binary |
28,29,30,31,33, 34,41,42,43,45, 47,48,53,54,56 |
SCID (file serial number) |
311(137) |
8 |
EBCDIC |
47 |
Second
filepool name |
312(138) |
8 |
EBCDIC |
47 |
Second filespace name |
313(139) |
4 |
Binary |
47 |
Second Inode (file serial number) |
314(13A) |
4 |
Binary |
47 |
Second SCID (file serial number) |
315(13B) |
4 |
EBCDIC |
28,29,30,31,32, 33,34,41,44,47,
48,54,55,56,57, 63,64 |
Link value to connect client and
server audit records. A link
value may appear for a client or server without a corresponding link
value if: - the client has failed authorization
- auditing is not performed for both users
|
316(13C) |
1 |
Binary |
28,29,30,31,32,
33,34,41,44,47,48,54, 55,56,57,63,64 |
Flags that indicate ACEE type (bit: meaning when set):
- 0–4: Reserved for IBM's use
- 5: 1=Nested ACEE
- 6: 0=Reserved for IBM's use, 1=Server
- 7: 0=Unauthenticated client, 1=Authenticated client
|
317(13D) |
1 |
Binary |
28,29,30,31,32, 33,34,35,36,37, 38,39,40,41,42,
43,44,45,46,47,
48,49,50,51,52, 53,54,55,56,57, 58,60,61,62,63, 64,65 |
- Value
- Meaning
- X'80'
- Indicates a default z/OS UNIX security environment
is in effect.
|
318(13E) |
1-255 |
EBCDIC |
66, 67, 69, 72, 74,
79, 83, 85, 89 |
Certificate or CRL serial number |
319(13F) |
1-255 |
EBCDIC |
66, 67, 69, 72, 74, 79, 83, 85, 89 |
Certificate
or CRL issuer's distinguished name |
320(140) |
1-237 |
Char |
66 |
Ring
name |
321(141) |
1-64 |
Char |
66 |
C from SUBJECTSDN |
322(142) |
1-64 |
Char |
66 |
SP from
SUBJECTSDN |
323(143) |
1-64 |
Char |
66 |
L from SUBJECTSDN |
324(144) |
1-64 |
Char |
66 |
O from SUBJECTSDN |
325(145) |
1-64 |
Char |
66 |
OU from
SUBJECTSDN |
326(146) |
1-64 |
Char |
66 |
T from SUBJECTSDN |
327(147) |
1-64 |
Char |
66 |
CN from SUBJECTSDN |
328(148) |
1-255 |
EBCDIC |
66 |
SDNFILTER
filter name |
329(149) |
1-255 |
EBCDIC |
66 |
IDNFILTER filter name |
330(14A) |
1-255 |
EBCDIC |
66 |
CRITERIA or NEWCRITERIA value |
331(14B) |
1-255 |
EBCDIC |
ALL
events except 68 |
Subject's distinguished name |
332(14C) |
1-255 |
EBCDIC |
ALL events except 68 |
Issuer's distinguished name |
333(14D) |
1-240 |
EBCDIC |
68 |
Kerberos principal name (reserved for use
by Network Authentication Service) |
334(14E) |
7-22 |
EBCDIC |
68 |
Kerberos login request source (reserved for
use by Network Authentication Service) |
335(14F) |
1-10 |
EBCDIC |
68 |
Kerberos KDC status code (reserved for use
by Network Authentication Service) |
336(150) |
1-255 |
EBCDIC |
66 |
ALTNAME IP Address |
337(151) |
1-255 |
EBCDIC |
66 |
ALTNAME
EMail |
338(152) |
1-255 |
EBCDIC |
66 |
ALTNAME Domain |
339(153) |
1-255 |
EBCDIC |
66 |
ALTNAME URI |
340(154) |
1 |
Binary |
69, 83 |
IRRSPX00 flags byte 1 – KeyUsage flag combinations (bits: meaning):
- 1... ....: "handshake" (digitalsig, keyencrypt)
- .1.. ....: "dataencrypt"
- ..1. ....: "certsign" (keycertsign, crlsign)
- ...1 ....: "docsign"
- .... 1...: "keyagree"
- .... .1..: "digitalsig"
- .... ..1.: "keycertsign"
- 1... .1..: "keyencrypt"
- ..1. ..1.: "crlsign"
|
341(155) |
10 |
EBCDIC |
69, 83, 85, 89 |
Requested NotBefore field in the
format yyyy/mm/dd |
342(156) |
10 |
EBCDIC |
69, 83, 85, 89 |
Requested
NotAfter field in the format yyyy/mm/dd |
343(157) |
8 |
EBCDIC |
69, 70 |
IRRSPX00
target user ID |
344(158) |
1-32 |
EBCDIC |
69, 70 |
IRRSPX00 target label |
345(159) |
1-45 |
EBCDIC |
69 |
IRRSPX00 SignWith field |
346(15A) |
1-255 |
EBCDIC |
69,
83, 85, 89 |
Requested Subject's DN |
347(15B) |
1-64 |
EBCDIC |
69,
83 |
Requested AltIPAddr field |
348(15C) |
1-255 |
EBCDIC |
69, 83 |
Requested
AltURI field |
349(15D) |
1-100 |
EBCDIC |
69, 83 |
Requested AltEmail
field |
350(15E) |
1-100 |
EBCDIC |
69, 83 |
Requested AltDomain
field |
351(15F) |
1-56 |
EBCDIC |
69, 70, 83 |
IRRSPX00 CertId |
352(160) |
1-4096 |
EBCDIC |
71 |
Policy Director protected object (reserved
for use by Policy Director Authorization Services) |
353(161) |
1-1024 |
EBCDIC |
71 |
Requested Policy Director permissions (reserved
for use by Policy Director Authorization Services) |
354(162) |
8 |
EBCDIC |
71 |
Policy Director principal user ID (reserved
for use by Policy Director Authorization Services) |
355(163) |
36 |
EBCDIC |
71 |
Principal ID string in the format nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn where n is
any hexadecimal digit (reserved for use by Policy Director Authorization Services) |
356(164) |
4 |
Binary |
71 |
Policy Director quality of protection value (reserved for use
by Policy Director Authorization Services) |
357(165) |
1024 |
EBCDIC |
69, 70,
73, 83 |
HostIDMappings extension data |
358(166) |
32 |
EBCDIC |
70, 83,
85, 89 |
Certificate requestor's name |
359(167) |
1 |
Binary |
69, 70,
83 |
IRRSPX00 flags byte 2- Bit
- Meaning
- 0
- Pass phrase specified
|
360(168) |
32 |
EBCDIC |
72 |
Certificate
or certificate request status: - Pending approval
- Approved
- Completed
- Rejected
- Rejected,
User Notified
- Active
- Expired
- Revoked
- Revoked,
Expired
|
361(169) |
10 |
EBCDIC |
72 |
Creation date
in the format yyyy/mm/dd |
362(16A) |
10 |
EBCDIC |
72 |
Last modified
in the format yyyy/mm/dd |
363(16B) |
1–255 |
EBCDIC |
72, 85 |
Certificate
serial number for previously issued
certificate |
364(16C) |
4 |
Binary |
73, 74 |
Action taken
on certificate or certificate request |
365(16D) |
1–64 |
EBCDIC |
74 |
Action comment |
366(16E) |
4 |
Binary |
74 |
Certificate
revocation reason |
367(16F) |
1 |
Binary |
75, 76 |
ACL type- Value
- Meaning
- X'80'
- Access ACL
- X'40'
- File model
- X'20'
- Directory
model
|
368(170) |
1 |
Unsigned |
75 |
Effective ACL
entry operation type- Value
- Meaning
- 1
- Add
- 2
- Modify
- 3
- Delete
|
369(171) |
5 |
Binary |
75 |
ACL entry identifier.
This consists of a 1–byte
type code followed by the 4–byte hexadecimal UID or GID value. - Value
- Meaning
- X'01'
- User (UID) entry
- X'02'
- Group (GID) entry
|
370(172) |
1 |
Binary |
75 |
Old ACL entry bits for modify and delete operations. |
371(173) |
1 |
Binary |
75 |
New ACL entry bits for add and modify operations. |
372(174) |
1 |
Binary |
71 |
Policy Director credential type flag reserved
for use by Policy Director Authorization Services- Value
- Meaning
- X'00'
- Unauthenticated
- X'01'
- Authenticated
|
373(175) |
1–64 |
EBCDIC |
69, 72, 83, 85 |
Email address for notification purposes |
374(176) |
8 |
EBCDIC |
1, 67 |
Server's
security label |
375(177) |
1-255 |
EBCDIC |
69, 72, 73, 83 |
Extended
keyUsage |
376(178) |
1-32 |
EBCDIC |
69, 73 |
Certificate policies |
377(179) |
1-1024 |
EBCDIC |
69, 73 |
Authority information access |
378(17A) |
1-255 |
EBCDIC |
69, 73 |
Critical extensions |
379(17B) |
1-255 |
EBCDIC |
79 |
CRL's issuing distribution point DN |
380(17C) |
10 |
EBCDIC |
79 |
CRL's date of issue |
381(17D) |
8 |
EBCDIC |
79 |
CRL's time of issue |
382(17E) |
10 |
EBCDIC |
79 |
CRL's expiration date |
383(17F) |
8 |
EBCDIC |
79 |
CRL's expiration time |
384(180) |
10 |
EBCDIC |
79 |
CRL's date of publish |
385(181) |
8 |
EBCDIC |
79 |
CRL's time of publish |
386(182) |
1–64 |
EBCDIC |
All, except 68, 71,
79, and 85 |
SERVAUTH port of entry name (profile name
protecting the SERVAUTH
name if resource name is unavailable) |
387(183) |
1–1024 |
EBCDIC |
79 |
CRL's issuing distribution point URI |
388(184) |
1–1024 |
EBCDIC |
69, 73,
83 |
Requested ALTNAME OtherName |
389(185) |
1–1024 |
EBCDIC |
80 |
Response from OCSP responder containing a list
of triplets:- Certificate serial number
- Status: GOOD, REVOKED,
or UNKNOWN
- Issuer's DN, or "UNKNOWN
ISSUER"
Each item is separated by a comma and each
triplet is separated
by a blank. |
390(186) |
8 |
EBCDIC |
2 |
Primary (client)
user ID for this nested ACEE. |
391(187) |
8 |
EBCDIC |
69, 70, 72, 73, 74, 80, 83, 85, 89 |
Domain name of the target PKI Services certificate
authority. |
392(188) |
1-510 |
EBCDIC |
All, except 68, 71, 79, 81, 82, and 85 |
Authenticated user name. |
393(189) |
1-255 |
EBCDIC |
All, except
68, 71, 79, 81, 82, and 85 |
Authenticated
user registry name. |
394(18A) |
1-128 |
EBCDIC |
All, except 68, 71, 79, 81, 82, and 85 |
Authenticated user host name. |
395(18B) |
1-16 |
EBCDIC |
All, except
68, 71, 79, 81, 82, and 85 |
Authenticated
user authentication mechanism
object identifier (OID). |
396(18C) |
3-244 |
EBCDIC |
2 |
Access criteria. Note: When
this relocate is
used, the data appears in the form of criteria-name=criteria-value.
|
398(18E) |
1-64 |
EBCDIC |
66 |
PKDS label. |
399(18F) |
1-32 |
EBCDIC |
66 |
Token name. |
400(190) |
8 |
EBCDIC |
84 |
Ring owner. |
401(191) |
1 |
Binary |
84 |
Reuse attribute
flag for NewRing. |
402(192) |
1 |
Binary |
84 |
Trust attribute
flag for DataPut. |
403(193) |
1 |
Binary |
84 |
HighTrust attribute
flag for DataPut. |
404(194) |
1 |
Binary |
84 |
Delete attribute
flag for DataRemove. |
405(195) |
8 |
EBCDIC |
84 |
Certificate
usage: ‘SITE’, ‘CERTAUTH’ or ‘PERSONAL’. |
406(196) |
1 |
Binary |
84 |
Default flag. X'01' means default certificate. |
407(197) |
1 |
Binary |
84 |
Private key specified. X'01' means
that private key is specified. |
408(198) |
256 |
EBCDIC |
85 |
AutoRenew Exit
path name. |
409(199) |
1-255 |
EBCDIC |
86 |
Root signing
certificate subject's distinguished
name |
410(19A) |
1-255 |
EBCDIC |
86 |
Program signer (end
entity) certificate subject's
distinguished name |
411(19B) |
1 |
Binary |
86 |
R_PgmSignVer
flags byte- Bit
- Meaning
- 0
- 1 = Module allowed to be loaded
|
412(19C) |
8 |
EBCDIC |
86 |
Time module
was signed |
413(19D) |
10 |
EBCDIC |
86 |
Date module
was signed |
414(19E) |
10 |
EBCDIC |
86 |
Date when module
certificate chain expires |
415(19F) |
1-246 |
EBCDIC |
87 |
Value of the
user ID filter from the USERDIDFILTER
keyword on MAP |
416(1A0) |
1-255 |
EBCDIC |
87 |
Value of the
registry name from the REGISTRY
keyword of RACMAP |
417(1A1) |
1-20 |
EBCDIC |
88 |
Service or process
name for automatically updated
profile |
418(1A2) |
1-8 |
EBCDIC |
88 |
Class for automatically
updated profile |
419(1A3) |
1-255 |
EBCDIC |
88 |
Automatically
updated profile name |
420(1A4) |
1-4000 |
EBCDIC |
88 |
Automatically
updated profile data |
421(1A5) |
40 |
EBCDIC |
70, 72, 89 |
Key
ID |
422(1A6) |
4 |
EBCDIC |
69 |
Key size |
423(1A7) |
32 |
EBCDIC |
74 |
Requestor email |
424(1A8) |
1-246 |
UTF-8 |
All, except
68, 71, 79, 81, 82, and 85 |
Authenticated
distributed-identity user name |
425(1A9) |
1-246 |
UTF-8 |
All, except 68, 71, 79, 81, 82, and 85 |
Authenticated distributed-identity registry
name |
426(1AA) |
10 |
EBCDIC |
69 |
Key algorithm |
427(1AB) |
1024 |
EBCDIC |
69, 73,
83 |
Customized extension |
428(1AC) |
32 |
EBCDIC |
69, 73,
83 |
Record link |
429 (1AD) |
32 |
EBCDIC |
72 |
Signing Algorithm |
Table of data type 6 command-related data
This table describes the RACF command-related
data associated with data type 6.
- ADDGROUP
- ADDSD
- ADDUSER
- ALTDSD
- ALTGROUP
- ALTUSER
- CONNECT
- DELDSD
- DELGROUP
- DELUSER
- PASSWORD
- PERMIT
- RACDCERT
- RACLINK
- RACMAP
- RALTER
- RDEFINE
- RDELETE
- REMOVE
- RVARY
- SETROPTS
The actual format and content of the data depends upon the command
being logged. Command-related data will not appear in the SMF record
if the command user is not RACF-defined. Some of the commands also
omit the command-related data if the user is not authorized for the
requested profile on the RACF database.
The table is arranged by event code. In each description, the keyword
flags contain one flag for each possible keyword that you can specify
(explicitly or by default) on the command. The ‘flags for keywords
specified’ field indicates whether the keyword was specified or defaulted.
The ‘flags for keywords ignored because of insufficient authority’
indicates whether the keyword was ignored because the user did not
have sufficient authority to use the keyword. The event code qualifier
(SMF80EVQ), described in Table 1, is set to 1 if the command user
does not have sufficient authority for any of the keywords specified
or taken as defaults. The event code qualifier is set to 2 if the
command user does not have sufficient authority for some (but not
all) of the keywords specified or taken as defaults. In the latter
case, the command continues processing the authorized operands.
The ‘flags for keywords ignored due to error conditions’ field
indicates individual keywords that were not processed for reasons
other than insufficient authority. Not all commands (event codes 8-25)
have these flags. The keyword errors are not terminating errors (like
the errors indicated in SMF80ERR) and the command continues processing
other specified operands. In the event of a terminating error, these
flags do not necessarily indicate what processing was done or not
done. Any keyword errors occurring before the terminating error are
indicated, but the keywords not processed because of a terminating
error are not indicated. The bits in SMF80ERR indicate whether RACF already made changes to the RACF database before the terminating
error and if it backed out the changes successfully.
Other fields in the command-related data field indicate the subfields
specified (or defaulted) for keywords. The fields are flags for subfields
that are keywords (such as SUCCESS subfield of AUDIT); they are data
for subfields such as owner name or group name.
For example, if the owner of the profile for USERA issues the command:
ALTUSER USERA ADSP GRPACC SPECIAL OWNER(USERB)
and USERB, the requested new owner, is not RACF-defined, then the
command-related data would appear in the log record as:
012C0000 00040000 00080000 00E4E2C5
D9C14040 40000000 00000000 00000000
00000000 000000E4 E2C5D9C2 40404000
00000000
The first word indicates the keywords specified. The second word
indicates that the user does not have sufficient authority to use
the SPECIAL keyword. The third word indicates that there was an error
processing the OWNER keyword. At offset X'0D' is the name
of the user profile being altered. At offset X'27' is the
name of the owner specified on the command. RACF processed the ADSP and GRPACC keywords.
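The ALTUSER example above, decoded programmatically. This Python parser is an added example, not IBM's code; it reads the fixed-length start of the event code 13 command data using the field lengths and keyword bits from the tables on this page. The cp037 code page and the WATCHED attribute list are assumptions.

```python
import struct

# Event code 13 (ALTUSER) keyword flags, transcribed from this page's table.
# IBM numbers bits from the high-order end: bit 0 of byte 0 is X'80000000'.
ALTUSER_KEYWORDS = (
    "DFLTGRP", "GROUP", "PASSWORD", "NOPASSWORD",      # byte 0, bits 0-3
    "NAME", "AUTHORITY", "DATA", "GRPACC",             # byte 0, bits 4-7
    "NOGRPACC", "UACC", "ADSP", "NOADSP",              # byte 1, bits 0-3
    "OWNER", "SPECIAL", "NOSPECIAL", "OPERATIONS",     # byte 1, bits 4-7
    "NOOPERATIONS", "CLAUTH", "NOCLAUTH", "AUDITOR",   # byte 2, bits 0-3
    "NOAUDITOR", "OIDCARD", "NOOIDCARD", "REVOKE",     # byte 2, bits 4-7
    "RESUME", "UAUDIT", "NOUAUDIT", "MODEL",           # byte 3, bits 0-3
    "NOMODEL", "WHEN", "ADDCATEGORY", "DELCATEGORY",   # byte 3, bits 4-7
)

# Bits 0-2 of the "flags for other violations" byte (event codes 10 and 13).
OTHER_VIOLATIONS = (
    "invoker lacks CLAUTH attribute of USER",
    "invoker lacks sufficient authority to group",
    "invoker lacks sufficient authority to user profile",
)

# Assumption (not from the page): attributes an analyst wants called out.
WATCHED = frozenset({"SPECIAL", "OPERATIONS", "AUDITOR", "CLAUTH"})

# Fixed-length prefix: three 4-byte flag words, the violations byte, user ID,
# DFLTGRP name, GROUP name, AUTHORITY flags, UACC flags, OWNER name.
PREFIX = struct.Struct(">IIIB8s8s8sBB8s")

# The command data shown on this page for
# ALTUSER USERA ADSP GRPACC SPECIAL OWNER(USERB)
PAGE_EXAMPLE = bytes.fromhex(
    "012C0000 00040000 00080000 00E4E2C5"
    "D9C14040 40000000 00000000 00000000"
    "00000000 000000E4 E2C5D9C2 40404000"
    "00000000"
)


def flag_names(value, names, width):
    """Return the names whose bit is on, counting bit 0 as the high-order bit."""
    top = 1 << (width - 1)
    return [name for i, name in enumerate(names) if value & (top >> i)]


def ebcdic(raw):
    """Decode a fixed-length name field (assumed code page 037).

    Names are blank padded; a field that was not specified is binary zeros.
    """
    return raw.decode("cp037").strip("\x00 ")


def parse_altuser(data):
    """Decode the start of the ALTUSER (event code 13) command-related data."""
    if len(data) < PREFIX.size:
        raise ValueError(
            f"command data truncated: {len(data)} < {PREFIX.size} bytes"
        )
    (spec, noauth, err, viol,
     user, dfltgrp, group, _authority, _uacc, owner) = PREFIX.unpack_from(data)

    specified = flag_names(spec, ALTUSER_KEYWORDS, 32)
    denied = flag_names(noauth, ALTUSER_KEYWORDS, 32)
    errored = flag_names(err, ALTUSER_KEYWORDS, 32)
    skipped = set(denied) | set(errored)
    # "processed" holds only when no terminating error occurred (SMF80ERR);
    # after a terminating error the flags do not show what was actually done.
    processed = [k for k in specified if k not in skipped]
    return {
        "user": ebcdic(user),
        "dfltgrp": ebcdic(dfltgrp),
        "group": ebcdic(group),
        "owner": ebcdic(owner),
        "specified": specified,
        "denied": denied,
        "errored": errored,
        "processed": processed,
        "violations": flag_names(viol, OTHER_VIOLATIONS, 8),
        # Watched attributes that were requested without the authority to set
        # them, and watched attributes that were actually applied.
        "watched_denied": sorted(WATCHED & set(denied)),
        "watched_applied": sorted(WATCHED & set(processed)),
    }


if __name__ == "__main__":
    for key, value in parse_altuser(PAGE_EXAMPLE).items():
        print(f"{key:16} {value}")
```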
Note: If you use SMF records to reconstruct a RACF database, passwords and OIDCARDs are not
contained in the records and require special handling, and statistics
updates are not recorded.
Event code dec(hex) |
Command |
Data length |
Format |
Description |
---|
8( 8) |
ADDSD |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- VOLUME
- 1
- UNIT
- 2
- UACC
- 3
- OWNER
- 4
- AUDIT
- 5
- SET
- 6
- NOSET
- 7
- LEVEL
- Byte 1
- 0
- PASSWORD
- 1
- DATA
- 2
- MODEL
- 3
- WARNING
- 4
- GENERIC
- 5
- SECLEVEL
- 6
- ADDCATEGORY
- 7
- NOTIFY
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
44 |
EBCDIC |
Data set name |
8 |
EBCDIC |
Type (UNIT keyword) |
1 |
Binary |
Flags for UACC keyword (bit: authority specified):
- 0: ALTER
- 1: CONTROL
- 2: UPDATE
- 3: READ
- 4: EXECUTE
- 5–6: Reserved for IBM's use
- 7: NONE
Note: If this is a non-DFP data set, RACF ignores bit 4 when checking access to data sets.
|
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
1 |
Binary |
Flags for AUDIT keyword (only one set at a time) (bit: option specified):
- 0: ALL
- 1: SUCCESS
- 2: FAILURES
- 3: NONE
- 4–5: SUCCESS qualifier codes: ‘00’ READ, ‘01’ UPDATE, ‘10’ CONTROL, ‘11’ ALTER
- 6–7: FAILURES qualifier codes: ‘00’ READ, ‘01’ UPDATE, ‘10’ CONTROL, ‘11’ ALTER
|
1 |
Binary |
nn (LEVEL keyword) |
8( 8) (Cont.) |
ADDSD (Cont.) |
1 |
Binary |
Flags for RACF processing: - Bit
- Meaning
- 0
- Data set profile inconsistent with RACF indicator
- 1
- Generic profile name specified
- 2
- FROM entity is longer than 44 characters; entity is passed in relocate type 13
- 3–7
- Reserved for IBM's use
|
8 |
EBCDIC |
User to be notified when this profile denies access |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- SETONLY
- 1
- TAPE
- 2
- FILESEQ
- 3
- RETPD
- 4
- ERASE
- 5
- FROM
- 6
- FCLASS
- 7
- FVOLUME
- Byte 1
- 0
- FGENERIC
- 1
- SECLABEL
- 2–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for keywords ignored. Same format as flags for keywords
specified. |
1 |
EBCDIC |
Reserved for IBM's use |
2 |
Binary |
File sequence number |
2 |
Binary |
Retention period |
8 |
EBCDIC |
FROM class name |
44 |
EBCDIC |
FROM resource name |
8 |
EBCDIC |
FROM volume serial |
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL |
9( 9) |
ADDGROUP |
1 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- 0
- SUPGROUP
- 1
- OWNER
- 2
- NOTERMUACC
- 3
- TERMUACC
- 4
- DATA
- 5
- MODEL
- 6
- UNIVERSAL
- 7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
8 |
EBCDIC |
Group name |
8 |
EBCDIC |
Superior group name (SUPGROUP keyword) |
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
10( A) |
ADDUSER |
* The data for event code 10 is
identical to the data for event code 13, with these exceptions. |
4 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- DFLTGRP
- *1
- GROUP
- 2
- PASSWORD
- 3
- NOPASSWORD
- 4
- NAME
- 5
- AUTHORITY
- 6
- DATA
- 7
- GRPACC
- Byte 1
- 0
- NOGRPACC
- 1
- UACC
- 2
- ADSP
- 3
- NOADSP
- 4
- OWNER
- 5
- SPECIAL
- 6
- NOSPECIAL
- 7
- OPERATIONS
- Byte 2
- 0
- NOOPERATIONS
- 1
- CLAUTH
- 2
- NOCLAUTH
- 3
- AUDITOR
- 4
- NOAUDITOR
- 5
- OIDCARD
- 6
- NOOIDCARD
- *7
- REVOKE
- Byte 3
- *0
- RESUME
- *1
- AUDIT
- *2
- NOAUDIT
- 3
- MODEL
- *4
- NOMODEL
- 5
- WHEN
- 6
- ADDCATEGORY
- 7
- DELCATEGORY
|
4 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
4 |
Binary |
Flags for keywords ignored because of error conditions |
1 |
Binary |
Flags for other violations: - Bit
- Violation
- *0
- Command invoker does not have CLAUTH attribute of USER
- 1
- Command invoker does not have sufficient authority to group
- *2
- Command invoker does not have sufficient authority to user profile
- *3–7
- Reserved for IBM's use
|
8 |
EBCDIC |
User ID |
8 |
EBCDIC |
Group name (DFLTGRP keyword) |
8 |
EBCDIC |
*Group name (GROUP keyword) |
10( A) (Cont.) |
ADDUSER (Cont.) |
1 |
Binary |
Flags for AUTHORITY keyword: - Bit
- Authority specified
- 0
- JOIN
- 1
- CONNECT
- 2
- CREATE
- 3
- USE
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for UACC keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4–6
- Reserved for IBM's use
- 7
- NONE
|
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
2 |
Binary |
Flags for classes specified (CLAUTH keyword) - Bit
- Keyword specified
- Byte 0
- 0–1
- Reserved for IBM's use
- 2
- USER
- 3
- Reserved for IBM's use
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for classes ignored because of insufficient authority:
Same format as flags for classes specified. Note: if all classes specified
are ignored because of insufficient authority, then the ‘flags for
keywords ignored because of insufficient authority’ field indicates
that CLAUTH was ignored. |
2 |
Binary |
Flags for additional keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- SECLEVEL
- 1
- NOSECLEVEL
- 2
- SECLABEL
- 3
- NOSECLABEL
- 4
- NOEXPIRED
- 5
- EXPIRED
- 6
- RESTRICTED
- 7
- NORESTRICTED
- Byte 1
- 0
- Reserved for IBM's use
- 1
- Reserved for IBM's use
- 2
- PHRASE
- 3
- NOPHRASE
- 4-7
- Reserved for IBM's use
|
10( A) (Cont.) |
ADDUSER (Cont.) |
2 |
Binary |
Flags for additional keywords ignored (authorization): - Bit
- Keyword ignored
- Byte 0
- 0
- SECLEVEL
- 1
- NOSECLEVEL
- 2
- SECLABEL
- 3
- NOSECLABEL
- 4
- NOEXPIRED
- 5
- EXPIRED
- 6
- RESTRICTED
- 7
- NORESTRICTED
- Byte 1
- 0
- Reserved for IBM's use
- 1
- Reserved for IBM's use
- 2
- PHRASE
- 3
- NOPHRASE
- 4-7
- Reserved for IBM's use
|
2 |
Binary |
Flags for additional keywords ignored because of processing
error: - Bit
- Keyword specified
- Byte 0
- 0
- SECLEVEL
- 1
- NOSECLEVEL
- 2
- SECLABEL
- 3
- NOSECLABEL
- 4
- Reserved for IBM's use
- 5
- Reserved for IBM's use
- 6
- RESTRICTED
- 7
- NORESTRICTED
- Byte 1
- 0–7
- Reserved for IBM's use
|
3 |
packed |
Logon time (packed); if time is not specified, this field contains
binary zeros; if TIME(ANYTIME) is specified, this field contains X'F0F0F0'. |
3 |
packed |
Logoff time (packed); if time is not specified, this field
contains binary zeros; if TIME(ANYTIME) is specified, this field contains X'F0F0F0'. |
1 |
Binary |
Logon day - Bit
- Days the user cannot log on
- 0
- Sunday
- 1
- Monday
- 2
- Tuesday
- 3
- Wednesday
- 4
- Thursday
- 5
- Friday
- 6
- Saturday
- 7
- Day not specified
|
4 |
EBCDIC |
REVOKE date |
4 |
EBCDIC |
RESUME date |
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL name |
11( B) |
ALTDSD |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- OWNER
- 1
- UACC
- 2
- AUDIT
- 3
- LEVEL
- 4
- ADDVOL
- 5
- DELVOL
- 6
- SET
- 7
- NOSET
- Byte 1
- 0
- GLOBALAUDIT
- 1
- VOLUME
- 2
- PASSWORD
- 3
- UNIT
- 4
- ALTVOL
- 5
- DATA
- 6–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified, except that Byte 1, Bit
2 is reserved for IBM's use. |
2 |
Binary |
Flags for keywords ignored because of error conditions: Same
format as flags for keywords specified, except that Byte 1, Bit 2
is reserved for IBM's use. |
44 |
EBCDIC |
Data set name |
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
1 |
Binary |
Flags for UACC keyword (bit: authority specified):
- 0: ALTER
- 1: CONTROL
- 2: UPDATE
- 3: READ
- 4: EXECUTE
- 5–6: Reserved for IBM's use
- 7: NONE
Note: If this is a non-DFP data set, RACF ignores bit 4 when checking access to the data set.
|
1 |
Binary |
Flags for AUDIT keyword: - Bit
- Option specified
- 0
- ALL
- 1
- SUCCESS
- 2
- FAILURES
- 3
- NONE
- 4–5
- SUCCESS qualifier codes
- 6–7
- FAILURES qualifier codes
|
1 |
Binary |
nn (LEVEL keyword) |
1 |
Binary |
Flags for GLOBALAUDIT keyword: Same format as flags for AUDIT
keyword. |
6 |
EBCDIC |
Volume serial ID (VOLUME keyword) |
11( B) (Cont.) |
ALTDSD (Cont.) |
8 |
EBCDIC |
Unit information |
1 |
Binary |
Flags for RACF processing: - Bit
- Meaning
- 0
- Profile inconsistent with RACF indicator.
- 1
- Generic profile name specified
- 2–7
- Reserved for IBM's use
|
2 |
Binary |
Additional keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- GENERIC
- 1
- WARNING
- 2
- NOWARNING
- 3
- ERASE
- 4
- NOERASE
- 5
- RETPD
- 6
- NOTIFY
- 7
- NONOTIFY
- Byte 1
- 0
- SECLEVEL
- 1
- ADDCATEGORY
- 2
- DELCATEGORY
- 3
- NOSECLEVEL
- 4
- SECLABEL
- 5
- NOSECLABEL
- 6–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
2 |
Binary |
Flags for keywords ignored because of a processing error: Same
format as flags for keywords specified. |
2 |
Binary |
Retention period |
8 |
EBCDIC |
User to be notified when access denied. |
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL name |
12( C) |
ALTGROUP |
1 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- 0
- SUPGROUP
- 1
- OWNER
- 2
- NOTERMUACC
- 3
- TERMUACC
- 4
- DATA
- 5
- MODEL
- 6–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
1 |
Binary |
Flags for other violations: - Bit
- Violation
- 0
- Lack of proper authority to old SUPGROUP
- 1–7
- Reserved for IBM's use
|
8 |
EBCDIC |
Group name |
8 |
EBCDIC |
Superior group name (SUPGROUP keyword) |
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
1 |
Binary |
Flags for keywords ignored because of error conditions: Same
format as flags for keywords specified. |
13( D) |
ALTUSER |
* The data for event code 13 is
identical to the data for event code 10, with these exceptions. |
4 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- DFLTGRP
- *1
- GROUP
- 2
- PASSWORD
- 3
- NOPASSWORD
- 4
- NAME
- 5
- AUTHORITY
- 6
- DATA
- 7
- GRPACC
- Byte 1
- 0
- NOGRPACC
- 1
- UACC
- 2
- ADSP
- 3
- NOADSP
- 4
- OWNER
- 5
- SPECIAL
- 6
- NOSPECIAL
- 7
- OPERATIONS
- Byte 2
- 0
- NOOPERATIONS
- 1
- CLAUTH
- 2
- NOCLAUTH
- 3
- AUDITOR
- 4
- NOAUDITOR
- 5
- OIDCARD
- 6
- NOOIDCARD
- *7
- REVOKE
- Byte 3
- *0
- RESUME
- *1
- UAUDIT
- *2
- NOUAUDIT
- 3
- MODEL
- 4
- NOMODEL
- 5
- WHEN
- 6
- ADDCATEGORY
- 7
- DELCATEGORY
|
4 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
4 |
Binary |
Flags for keywords ignored because of error conditions: Same
format as flags for keywords specified. |
1 |
Binary |
Flags for other violations: - Bit
- Violation
- *0
- Command invoker does not have CLAUTH attribute of USER
- 1
- Command invoker does not have sufficient authority to group
- *2
- Command invoker does not have sufficient authority to user profile
- 3
- Reserved for IBM's use
- 4
- NOEXPIRED
- 5
- EXPIRED
- 6–7
- Reserved for IBM's use
|
13( D) (Cont.) |
ALTUSER (Cont.) |
8 |
EBCDIC |
User ID |
8 |
EBCDIC |
Group name (DFLTGRP keyword) |
8 |
EBCDIC |
*Group name (GROUP keyword) |
1 |
Binary |
Flags for AUTHORITY keyword: - Bit
- Authority specified
- 0
- JOIN
- 1
- CONNECT
- 2
- CREATE
- 3
- USE
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for UACC keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4–6
- Reserved for IBM's use
- 7
- NONE
|
8 |
EBCDIC |
User ID (OWNER keyword) |
2 |
Binary |
Flags for classes specified (CLAUTH keywords) - Bit
- Option specified
- Byte 0
- 0–1
- Reserved for IBM's use
- 2
- USER
- 3
- Reserved for IBM's use
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for classes ignored because of insufficient authority:
Same format as flags for classes specified. Note that if all classes
specified are ignored because of insufficient authority, then the
‘flags for keywords ignored because of insufficient authority’ field
indicates that CLAUTH or NOCLAUTH was ignored.
|
2 |
Binary |
Flags for additional keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- SECLEVEL
- *1
- NOSECLEVEL
- *2
- SECLABEL
- *3
- NOSECLABEL
- *4
- NOEXPIRED
- *5
- EXPIRED
- *6
- RESTRICTED
- *7
- NORESTRICTED
- Byte 1
- 0
- NOREVOKE
- 1
- NORESUME
- 2
- PHRASE
- 3
- NOPHRASE
- 4–7
- Reserved for IBM's use
|
13( D) (Cont.) |
ALTUSER (Cont.) |
2 |
Binary |
Flags for additional keywords ignored (authorization): - Bit
- Keyword ignored
- Byte 0
- 0
- SECLEVEL
- *1
- NOSECLEVEL
- *2
- SECLABEL
- *3
- NOSECLABEL
- *4
- NOEXPIRED
- *5
- EXPIRED
- *6
- RESTRICTED
- *7
- NORESTRICTED
- Byte 1
- 0
- NOREVOKE
- 1
- NORESUME
- 2
- PHRASE
- 3
- NOPHRASE
- 4–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for additional keywords ignored because of processing
error: - Bit
- Keyword specified
- Byte 0
- 0
- SECLEVEL
- *1
- NOSECLEVEL
- *2
- SECLABEL
- *3
- NOSECLABEL
- *4
- NOEXPIRED
- *5
- EXPIRED
- *6
- RESTRICTED
- *7
- NORESTRICTED
- Byte 1
- 0–7
- Reserved for IBM's use
|
3 |
packed |
Logon time (packed); if time is not specified, this field contains
binary zeros; if TIME(ANYTIME) is specified, this field contains X'F0F0F0'. |
3 |
packed |
Logoff time (packed); if time is not specified, this field
contains binary zeros; if TIME(ANYTIME) is specified, this field contains X'F0F0F0'. |
1 |
Binary |
Day(s) the user cannot log on - Bit
- Day specified
- 0
- Sunday
- 1
- Monday
- 2
- Tuesday
- 3
- Wednesday
- 4
- Thursday
- 5
- Friday
- 6
- Saturday
- 7
- Day not specified
|
4 |
EBCDIC |
REVOKE date |
4 |
EBCDIC |
RESUME date |
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL name |
14( E) |
CONNECT |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- GROUP
- 1
- UACC
- 2
- AUTHORITY
- 3
- ADSP
- 4
- NOADSP
- 5
- REVOKE
- 6
- RESUME
- 7
- GRPACC
- Byte 1
- 0
- NOGRPACC
- 1
- OPERATIONS
- 2
- NOOPERATIONS
- 3
- SPECIAL
- 4
- NOSPECIAL
- 5
- AUDITOR
- 6
- NOAUDITOR
- 7
- OWNER
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
8 |
EBCDIC |
User ID |
8 |
EBCDIC |
Group name (GROUP keyword) |
1 |
Binary |
Flags for UACC keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4–6
- Reserved for IBM's use
- 7
- NONE
|
1 |
Binary |
Flags for AUTHORITY keyword: - Bit
- Authority specified
- 0
- JOIN
- 1
- CONNECT
- 2
- CREATE
- 3
- USE
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for additional keywords specified: - Bit
- Keyword specified
- 0
- NOREVOKE
- 1
- NORESUME
- 2–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for additional keywords ignored because
of insufficient authority. Same format as flags for additional keywords
specified. |
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
4 |
packed |
REVOKE date, packed |
4 |
packed |
RESUME date, packed |
15( F) |
DELDSD |
1 |
Binary |
Flags for keywords specified or taken as defaults: - Bit
- Keyword specified
- 0
- SET
- 1
- NOSET
- 2
- VOLUME
- 3
- GENERIC
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
44 |
EBCDIC |
Data set name |
6 |
EBCDIC |
Volume serial ID (VOLUME keyword) |
1 |
Binary |
Flags for RACF processing: - Bit
- Meaning
- 0
- Profile inconsistent with RACF indicator
- 1
- Generic profile name specified
- 2–7
- Reserved for IBM's use
|
16(10) |
DELGROUP |
8 |
EBCDIC |
Group name |
17(11) |
DELUSER |
8 |
EBCDIC |
User ID |
18(12) |
PASSWORD |
1 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- 0
- INTERVAL
- 1
- USER
- 2
- PASSWORD
- 3
- PHRASE
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
1 |
Binary |
Flags for keywords ignored because of error conditions: Same
format as flags for keywords specified. |
4 |
Binary |
Change-interval (INTERVAL keyword) Note: If the NOINTERVAL
keyword is specified, the change-interval changes to X'FF'.
|
8 |
EBCDIC |
User ID (USER keyword) |
19(13) |
PERMIT |
2 |
Binary |
Flags for keywords specified or taken as defaults: - Bit
- Keyword specified
- Byte 0
- 0
- CLASS
- 1
- ID
- 2
- ACCESS
- 3
- FROM
- 4
- DELETE
- 5
- FCLASS
- 6
- VOLUME
- 7
- FVOLUME
- Byte 1
- 0
- GENERIC
- 1
- FGENERIC
- 2
- RESET
- 3
- WHEN
- 4
- RESET(WHEN)
- 5
- RESET(STANDARD)
- 6–7
- Reserved for IBM's use
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified, except that bits are
not set for RESET(STANDARD) or RESET(WHEN). |
2 |
Binary |
Flags for keywords ignored because of error conditions: Same
format as flags for keywords specified, except that bits are not set
for RESET(STANDARD) or RESET(WHEN). |
2 |
Binary |
Flags for CLASS keyword, and for the RESET keyword: - Bit
- Option specified
- Byte 0
- 0–2
- Reserved for IBM's use
- 3
- DATASET
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0
- FROM generic resource
- 1–5
- Reserved for IBM's use
- 6
- Conditional access list is indicated by RESET keyword.
- 7
- Standard access list is indicated by RESET keyword.
|
19(13) (Cont.) |
PERMIT (Cont.) |
1 |
Binary |
Flags for ACCESS keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4
- EXECUTE
- 5–6
- Reserved for IBM's use
- 7
- NONE
Note: If this is a non-DFP data set, RACF ignores bit 4 when checking
access to the data set.
|
2 |
Binary |
Flags for FCLASS keyword: Same format as flags for CLASS
keyword.
|
20(14) |
RALTER |
* The data for event code 20 is
identical with the data for event code 21, with these exceptions. |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- DATA
- 1
- OWNER
- 2
- UACC
- 3
- LEVEL
- 4
- AUDIT
- *5
- GLOBALAUDIT
- *6
- ADDVOL
- *7
- DELVOL
- Byte 1
- 0
- ADDMEM
- 1
- DELMEM
- 2
- APPLDATA
- 3
- SINGLEDSN
- *4
- NOSINGLEDSN
- 5
- WARNING
- 6
- NOWARNING
- 7
- WHEN
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
2 |
Binary |
Flags for class name: - Bit
- Option specified
- Byte 0
- 0–3
- Reserved for IBM's use
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0
- Generic resource name specified.
- 1–7
- Reserved for IBM's use
|
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
1 |
Binary |
Flags for UACC keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4
- EXECUTE
- 5–6
- Reserved for IBM's use
- 7
- NONE
|
1 |
Binary |
nn (LEVEL keyword) |
20(14) (Cont.) |
RALTER (Cont.) |
1 |
Binary |
Flags for AUDIT keyword: - Bit
- Option specified
- 0
- ALL
- 1
- SUCCESS
- 2
- FAILURES
- 3
- NONE
- 4–5
- Success qualifier codes:
‘00’ READ
‘01’ UPDATE
‘10’ CONTROL
‘11’ ALTER
- 6–7
- FAILURES qualifier codes:
‘00’ READ
‘01’ UPDATE
‘10’ CONTROL
‘11’ ALTER
|
1 |
Binary |
*Flags for GLOBALAUDIT keyword: Same format as flags for AUDIT
keyword. |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- NOTIFY
- *1
- NONOTIFY
- 2
- TVTOC
- *3
- NOTVTOC
- 4
- TIMEZONE
- *5
- NOTIMEZONE
- 6
- ADDCATEGORY
- *7
- DELCATEGORY
- Byte 1
- 0
- SECLEVEL
- *1
- NOSECLEVEL
- 2
- FROM
- 3
- FCLASS
- 4
- FVOLUME
- 5
- FGENERIC
- 6
- SECLABEL
- 7
- NOSECLABEL
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
8 |
EBCDIC |
User ID to be notified when profile denies access |
44 |
EBCDIC |
FROM resource name |
6 |
EBCDIC |
FROM volume volser |
20(14) (Cont.) |
RALTER (Cont.) |
8 |
EBCDIC |
FROM class name |
1 |
Binary |
LOGON days: - Bit
- Day specified
- 0
- Sunday
- 1
- Monday
- 2
- Tuesday
- 3
- Wednesday
- 4
- Thursday
- 5
- Friday
- 6
- Saturday
- 7
- No keyword
|
3 |
packed |
Logon time, packed. If no subkeyword, then binary zeros. |
3 |
packed |
Logoff time, packed. If no subkeyword, then binary zeros. |
3 |
packed |
TIMEZONE value: - Bit
- Bit value specified
- Byte 0–2
-
- Signed decimal number
|
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL name |
21(15) |
RDEFINE |
* The data for event code 21 is
identical to the data for event code 20, with these exceptions. |
2 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- DATA
- 1
- OWNER
- 2
- UACC
- 3
- LEVEL
- 4
- AUDIT
- 5
- GLOBALAUDIT
- 6
- ADDVOL
- 7
- DELVOL
- Byte 1
- 0
- ADDMEM
- 1
- DELMEM
- 2
- APPLDATA
- 3
- SINGLEDSN
- 4
- NOSINGLEDSN
- 5
- WARNING
- 6
- NOWARNING
- 7
- WHEN
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
2 |
Binary |
Flags for class name: - Bit
- Option specified
- Byte 0
- 0–3
- Reserved for IBM's use
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0
- Generic resource name specified
- 1–7
- Reserved for IBM's use
|
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
21(15) (Cont.) |
RDEFINE (Cont.) |
1 |
Binary |
Flags for UACC keyword: - Bit
- Authority specified
- 0
- ALTER
- 1
- CONTROL
- 2
- UPDATE
- 3
- READ
- 4
- EXECUTE
- 5–6
- Reserved for IBM's use
- 7
- NONE
|
1 |
Binary |
nn (LEVEL keyword) |
1 |
Binary |
Flags for AUDIT keyword: - Bit
- Authority specified
- 0
- ALL
- 1
- SUCCESS
‘00’ READ
‘01’ UPDATE
‘10’ CONTROL
‘11’ ALTER
- 2
- FAILURES
‘00’ READ
‘01’ UPDATE
‘10’ CONTROL
‘11’ ALTER
- 3
- NONE
- 4–5
- SUCCESS qualifier codes
- 6–7
- FAILURES qualifier codes
|
1 |
Binary |
*Reserved for IBM's use |
2 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- Byte 0
- 0
- NOTIFY
- *1
- NONOTIFY
- 2
- TVTOC
- *3
- NOTVTOC
- 4
- TIMEZONE
- *5
- NOTIMEZONE
- 6
- ADDCATEGORY
- *7
- DELCATEGORY
- Byte 1
- 0
- SECLEVEL
- *1
- NOSECLEVEL
- 2
- FROM
- 3
- FCLASS
- 4
- FVOLUME
- 5
- FGENERIC
- 6
- SECLABEL
- 7
- NOSECLABEL
|
2 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
8 |
EBCDIC |
User ID to be notified when profile denies access |
44 |
EBCDIC |
FROM resource name |
21(15) (Cont.) |
RDEFINE (Cont.) |
6 |
EBCDIC |
FROM volume volser |
8 |
EBCDIC |
FROM class name |
1 |
Binary |
LOGON days: - Bit
- Day specified
- 0
- Sunday
- 1
- Monday
- 2
- Tuesday
- 3
- Wednesday
- 4
- Thursday
- 5
- Friday
- 6
- Saturday
- 7
- No keyword
|
3 |
packed |
Logon time, packed. If no subkeyword, then binary zeros. |
3 |
packed |
Logoff time, packed. If no subkeyword, then binary zeros. |
3 |
packed |
TIMEZONE value: - Bit
- Option specified
- Byte 0
- 0–7
- Reserved for IBM's use
- Byte 1
- 0–7
- Reserved for IBM's use
- Byte 2
- 0–3
- Reserved for IBM's use
- 4–7
- Time zone
|
44 |
EBCDIC |
SECLEVEL name |
8 |
EBCDIC |
SECLABEL name |
22(16) |
RDELETE |
2 |
Binary |
Flags for class name: - Bit
- Option specified
- Byte 0
- 0–3
- Reserved for IBM's use
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
- Byte 1
- 0
- Generic resource name specified
- 1–7
- Reserved for IBM's use
|
23(17) |
REMOVE |
1 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- 0
- GROUP
- 1
- OWNER
- 2–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
8 |
EBCDIC |
User ID (to be removed) |
8 |
EBCDIC |
Group name (GROUP keyword) |
8 |
EBCDIC |
User ID or group name (OWNER keyword) |
24(18) |
SETROPTS |
3 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- Byte 0
- 0
- TAPE
- 1
- NOTAPE
- 2
- INITSTATS
- 3
- NOINITSTATS
- 4
- SAUDIT
- 5
- NOSAUDIT
- 6
- STATISTICS
- 7
- NOSTATISTICS
- Byte 1
- 0
- AUDIT
- 1
- NOAUDIT
- 2
- TERMINAL
- 3
- NOTERMINAL
- 4
- INTERVAL (PASSWORD)
- 5
- CMDVIOL
- 6
- NOCMDVIOL
- 7
- DASD
- Byte 2
- 0
- NODASD
- 1
- CLASSACT
- 2
- NOCLASSACT
- 3
- HISTORY or NOHISTORY
- 4
- WARNING or NOWARNING
- 5
- REVOKE or NOREVOKE
- 6
- NORULES or RULEn
- 7
- INACTIVE INTERVAL
|
3 |
Binary |
Flags for keywords ignored because of insufficient authority:
Same format as flags for keywords specified. |
1 |
Binary |
Flags for STATISTICS or NOSTATISTICS keyword: - Bit
- Option specified
- Byte 0
- 0–2
- Reserved for IBM's use
- 3
- DATASET
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords ignored: - Bit
- Keyword specified
- 0
- MODEL-GDG
- 1
- MODEL-NOGDG
- 2
- MODEL-USER
- 3
- MODEL-NOUSER
- 4
- MODEL-GROUP
- 5
- MODEL-NOGROUP
- 6
- GRPLIST
- 7
- NOGRPLIST
|
24(18) (Cont.) |
SETROPTS (Cont.) |
1 |
Binary |
Flags for AUDIT or NOAUDIT keyword: - Bit
- Option specified
- 0
- Reserved for IBM's use
- 1
- GROUP
- 2
- USER
- 3
- DATASET
- 4
- DASDVOL
- 5
- TAPEVOL
- 6
- TERMINAL
- 7
- Reserved for IBM's use
|
1 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- 0
- MODEL-GDG
- 1
- MODEL-NOGDG
- 2
- MODEL-USER
- 3
- MODEL-NOUSER
- 4
- MODEL-GROUP
- 5
- MODEL-NOGROUP
- 6
- GRPLIST
- 7
- NOGRPLIST
|
1 |
Binary |
Change-interval (INTERVAL keyword) |
1 |
Binary |
Flags for TERMINAL keyword: - Bit
- Option specified
- 0–2
- Reserved for IBM's use
- 3
- READ
- 4–6
- Reserved for IBM's use
- 7
- NONE
|
1 |
Binary |
Flags for current statistics options after SETROPTS has executed: - Bit
- Option specified
- 0
- Reserved for IBM's use
- 1
- Bypass RACINIT statistics
- 2
- Bypass data set statistics
- 3
- Bypass tape volume statistics
- 4
- Bypass DASD volume statistics
- 5
- Bypass terminal statistics
- 6
- Bypass ADSP attribute
- 7
- EGN in effect
|
1 |
Binary |
Flags for current audit options after SETROPTS has executed: - Bit
- Option specified
- 0
- Reserved for IBM's use
- 1
- Log group class
- 2
- Log user class
- 3
- Log data set class
- 4
- Log DASD volume class
- 5
- Log tape volume class
- 6
- Log terminal class
- 7
- Reserved for IBM's use
|
1 |
Binary |
Reserved for IBM's use |
24(18) (Cont.) |
SETROPTS (Cont.) |
2 |
Binary |
Flags for miscellaneous options after SETROPTS has executed: - Bit
- Option specified
- Byte 0
- 0
- Perform terminal authorization checking
- 1
- Terminal UACC=NONE (if this bit is off, terminal UACC=READ)
- 2
- Log RACF command violations
- 3
- Log SPECIAL user activity
- 5–7
- Reserved for IBM's use
- Byte 1
- 0
- Tape volume protection is in effect
- 1
- DASD volume protection is in effect
- 2
- Generic profile processing is in effect for the DATASET class
- 3
- Generic command (GENCMD) processing is in effect for the DATASET
class
- 4
- REALDSN is in effect
- 5
- JES-XBMALLRACF is in effect
- 6
- JES-EARLYVERIFY is in effect
- 7
- JES-BATCHALLRACF is in effect
|
1 |
Binary |
Maximum password interval |
1 |
Binary |
Password history generation value |
1 |
Binary |
Password revoke value |
1 |
Binary |
Password warning level |
80 |
Binary Binary EBCDIC |
Password syntax rules (eight rules). Each rule has the following
basic format: - Byte
- Description
- 0
- Starting length value
- 1
- Ending length value
- 2–9
- Character content rules for each of the eight possible positions.
The character values are:
L = Alphanumeric
A = Alphabetic
N = Numeric
V = Vowel
C = Consonant
W = No vowels
|
1 |
Binary |
User ID inactive interval |
24(18) (Cont.) |
SETROPTS (Cont.) |
3 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- Byte 0
- 0
- ADSP
- 1
- NOADSP
- 2
- GENERIC
- 3
- NOGENERIC
- 4
- GENCMD
- 5
- NOGENCMD
- 6
- GLOBAL
- 7
- NOGLOBAL
- Byte 1
- 0
- PREFIX
- 1
- NOPREFIX
- 2
- REALDSN
- 3
- NOREALDSN
- 4
- JES-XBMALLRACF
- 5
- JES-NOXBMALLRACF
- 6
- JES-BATCHALLRACF
- 7
- JES-NOBATCHALLRACF
- Byte 2
- 0
- JES-EARLYVERIFY
- 1
- JES-NOEARLYVERIFY
- 2
- REFRESH
- 3
- PROTECTALL-WARNING
- 4
- PROTECTALL-FAILURE
- 5
- NOPROTECTALL
- 6
- EGN in effect
- 7
- NOEGN in effect
|
3 |
Binary |
Flags for keywords specified but ignored because of insufficient
authority: Same format as flags for keywords specified. |
8 |
EBCDIC |
Single-level data set name prefix |
3 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- TAPEDSN
- 1
- NOTAPEDSN
- 2
- NOEOS
- 3
- EOS
- 4
- EOS-SECLEVEL
- 5
- EOS-NOSECLEVEL
- 6
- RETPD
- 7
- WHEN
- Byte 1
- 0
- NOWHEN
- 1
- OPERAUDIT
- 2
- NOOPERAUDIT
- 3
- RVARY SWITCH
- 4
- RVARY ACTIVE/INACTIVE
- 5
- ERASE-ALL
- 6–7
- Reserved for IBM's use
- Byte 2
- 0–7
- Reserved for IBM's use
|
24(18) (Cont.) |
SETROPTS (Cont.) |
3 |
Binary |
Flags for keywords specified but ignored because of insufficient
authority: Same format as flags for keywords specified. |
1 |
Binary |
Erase on scratch security level |
2 |
Binary |
Retention period |
1 |
Binary |
Flags for miscellaneous options after SETROPTS processing: - Bit
- Option specified
- Byte 0
- 0
- PROTECTALL-WARNING
- 1
- PROTECTALL-FAILURES
- 2
- EOS
- 3
- EOS-SECLEVEL
- 4
- TAPEDSN
- 5
- WHEN
- 6
- EOS ALL IN EFFECT (erase everything)
- 7
- Reserved for IBM's use
|
5 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- Byte 0
- 0–7
- Reserved for IBM's use
- Byte 1
- 0
- GENLIST
- 1
- NOGENLIST
- 2
- RACLIST
- 3
- NORACLIST
- 4
- SECLEVELAUDIT
- 5
- NOSECLEVELAUDIT
- 6
- SECLABELAUDIT
- 7
- NOSECLABELAUDIT
- 8
- SECLABELCONTROL
- 9
- NOSECLABELCONTROL
- 10
- MLQUIET
- 11
- NOMLQUIET
- 12
- MLSTABLE
- 13
- NOMLSTABLE
- 14
- GENERICOWNER
- 15
- NOGENERICOWNER
- 16
- SESSIONINTERVAL
- 17
- NOSESSIONINTERVAL
- 18
- JES NJEUSERID (user ID)
- 19
- JES UNDEFINEDUSER (user ID)
- 20
- COMPATMODE
- 21
- NOCOMPATMODE
- 22
- MLS WARNING
- 23
- MLS FAILURES
- 24
- NOMLS
- 25
- MLACTIVE WARNING
- 26
- MLACTIVE FAILURES
- 27
- NOMLACTIVE
- 28
- CATDSNS WARNING
- 29
- CATDSNS FAILURES
- 30
- NOCATDSNS
- 31
- LOGOPTIONS
|
24(18) (Cont.) |
SETROPTS (Cont.) |
4 |
Binary |
Flags for keywords specified but ignored because of insufficient
authority: Same format as flags for keywords specified. |
1 |
Binary |
SECLEVEL audit value (auditing occurs for all resources having
at least this value) |
2 |
Binary |
SESSIONINTERVAL interval |
1 |
Binary |
Log options for data set - Bit
- Keyword specified
- 0
- ALWAYS
- 1
- NEVER
- 2
- SUCCESSES
- 3
- FAILURES
- 4
- DEFAULT
- 5–7
- Reserved for IBM's use
|
2 |
Binary |
Current SETROPTS options for multilevel security: - Bit
- Keyword specified
- 0
- SECLABELAUDIT
- 1
- SECLABELCONTROL
- 2
- MLQUIET
- 3
- MLSTABLE
- 4
- GENERICOWNER
- 5
- COMPATMODE
- 6
- MLS WARNING
- 7
- MLS FAILURES
- 8
- MLACTIVE WARNING
- 9
- MLACTIVE FAILURES
- 10
- CATDSNS WARNING
- 11
- CATDSNS FAILURES
- 12
- APPLAUDIT
- 13
- ADDCREATOR
- 14–15
- Reserved for IBM's use
|
8 |
EBCDIC |
User ID for JES NJEUSERID |
8 |
EBCDIC |
User ID for JES UNDEFINEDUSER |
1 |
Binary |
Password MINCHANGE interval value |
1 |
EBCDIC |
Reserved for IBM's use |
4 |
Binary |
Flags for keywords specified - Bit
- Keyword specified
- 0
- Primary language specified
- 1
- Secondary language specified
- 2
- ADDCREATOR specified
- 3
- NOADDCREATOR specified
- 4
- LIST specified
- 5
- KERBLVL specified
- 6
- EIMREGISTRY specified
- 7
- NOEIMREGISTRY specified
- 8
- Password MINCHANGE specified
- 9
- Password MIXEDCASE specified
- 10
- Password NOMIXEDCASE specified
- 11–15
- Reserved for IBM's use
- 16
- MLFSOBJ(ACTIVE) specified
- 17
- MLFSOBJ(INACTIVE) specified
- 18
- MLIPCOBJ(ACTIVE) specified
- 19
- MLFSOBJ(INACTIVE) specified
- 20
- MLNAMES specified
- 21
- NOMLNAMES specified
- 22
- SECLBYSYSTEM specified
- 23
- NOSECLBYSYSTEM specified
- 24–31
- Reserved for IBM's use
|
24(18) (Cont.) |
SETROPTS (Cont.) |
4 |
Binary |
Flags for keywords specified but ignored because
of insufficient authority: same format as flags for keywords specified. |
3 |
EBCDIC |
Primary language default |
3 |
EBCDIC |
Secondary language default |
1 |
Binary |
Flags for asterisk (*) specified - Bit
- Keyword specified
- 0
- Asterisk (*) specified for GENERIC
- 1
- Asterisk (*) specified for GLOBAL
- 2
- Asterisk (*) specified for AUDIT
- 3
- Asterisk (*) specified for STATISTICS
- 4
- Asterisk (*) specified for CLASSACT
- 5
- Asterisk (*) specified for GENCMD
- 6
- Asterisk (*) specified for LOGOPTIONS DEFAULT
- 7
- Reserved for IBM's use
|
1 |
Binary |
KERBLVL setting |
1 |
Binary |
Current multilevel security options: - Bit
- Keyword specified
- 0
- MLFSOBJ is active
- 1
- MLIPCOBJ is active
- 2
- MLNAMES is active
- 3
- SECLBYSYSTEM is active
- 4–7
- Reserved for IBM's use
|
1 |
Binary |
Current minimum password change interval (MINCHANGE) |
1 |
Binary |
Current options: - Bit
- Option
- 0
- Mixed case passwords are allowed
- 1–7
- Reserved for IBM's use
|
76 |
EBCDIC |
Reserved for IBM's use |
25(19) |
RVARY |
1 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- 0
- ACTIVE
- 1
- INACTIVE
- 2
- NOTAPE
- 3
- NOCLASSACT
- 4
- SWITCH
- 5
- DATASET
- 6
- LIST
- 7
- NOLIST
|
1 |
Binary |
Flags for other violations: - Bit
- Violation
- 0
- Command denied by operator
- 1
- Nonzero code returned from RACF manager
during ACTIVE processing
- 2–7
- Reserved for IBM's use
|
1 |
Binary |
Flags for other keywords specified: - Bit
- Keyword specified
- 0
- DATASHARE
- 1
- NODATASHARE
|
59(3B) |
RACLINK |
20 |
EBCDIC |
Phase identifier (1 of 3 values: LOCAL ISSUANCE, TARGET PROCESSING,
or TARGET RESPONSE) |
2 |
Binary |
Flags for keywords specified: - Bit
- Option specified
- Byte 0
- 0
- DEFINE
- 1
- UNDEFINE
- 2
- APPROVE
- 3–7
- Reserved for IBM's use
- Byte 1
- 0
- PEER
- 1
- MANAGED
- 2
- PWSYNC
- 3
- NOPWSYNC
- 4
- Password supplied
- 5–7
- Reserved for IBM's use
|
2 |
Binary |
Reserved for IBM's use |
8 |
EBCDIC |
Issuing node |
8 |
EBCDIC |
Issuing user ID |
8 |
EBCDIC |
Source user ID for association (from ID keyword) |
8 |
EBCDIC |
Target node name |
8 |
EBCDIC |
Target user ID |
8 |
EBCDIC |
Target authorization ID (ID under whose authority the association
was established) |
4 |
EBCDIC |
Originating system's SMF ID from where LOCAL ISSUANCE occurred |
4 |
Binary |
Original timestamp (local time) from when LOCAL ISSUANCE occurred |
4 |
Packed |
Original date when LOCAL ISSUANCE occurred Note: The preceding
3 fields contain the LOCAL ISSUANCE information for all 3 phases.
|
1 |
Binary |
Status flags: - Bit
- Status
- Byte 0
- 0
- Association established
- 1
- Association pending
- 2
- Association deleted
- 3
- Password supplied is not valid
- 4
- Valid password supplied
- 5
- Expired password supplied
- 6
- Revoked user ID
- 7
- Reserved for IBM's use
Note: When the event code qualifier is 0, and the status
flags indicate that no password was supplied and that the association
is established, an authorization user ID was used from the association
list. If the status flags indicate that no password was supplied and
the association is pending, no user ID in the authorization list had
the appropriate authority or no association list exists.
|
66(42) |
RACDCERT |
4 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- ADD
- 1
- ALTER
- 2
- DELETE
- 3
- CONNECT
- 4
- REMOVE
- 5
- SITE
- 6
- CERTAUTH
- 7
- ICSF
- Byte 1
- 0
- TRUST
- 1
- NOTRUST
- 2
- ADDRING
- 3
- DELRING
- 4
- USAGE(PERSONAL)
- 5
- USAGE(SITE)
- 6
- USAGE(CERTAUTH)
- 7
- DEFAULT
- Byte 2
- 0
- CONNECT(SITE)
- 1
- CONNECT(CERTAUTH)
- 2
- GENCERT
- 3
- EXPORT
- 4
- GENREQ
- 5
- SIGNWITH(CERTAUTH... specified
- 6
- SIGNWITH(SITE... specified
- 7
- PASSWORD
- Byte 3
- 0
- MAP
- 1
- ALTMAP
- 2
- DELMAP
- 3
- MULTIID
- 4
- HIGHTRUST
- 5
- PCICC
- 6
- DSA
- 7
- FROMICSF
|
8 |
EBCDIC |
User ID (from ID keyword on RACDCERT) |
44 |
EBCDIC |
Data set name |
32 |
EBCDIC |
Label name |
8 |
EBCDIC |
User ID (from ID sub-keyword) |
32 |
EBCDIC |
WITHLABEL |
4 |
Binary |
SIZE |
10 |
EBCDIC |
NOTBEFORE(date) in the format yyyy/mm/dd |
8 |
EBCDIC |
NOTBEFORE(time) in the format hh:mm:ss |
10 |
EBCDIC |
NOTAFTER(date) in the format yyyy/mm/dd |
8 |
EBCDIC |
NOTAFTER(time) in the format hh:mm:ss |
1 |
Binary |
FORMAT: - X'01'
- CERTB64
- X'02'
- CERTDER
- X'03'
- PKCS12B64
- X'04'
- PKCS12DER
- X'05'
- PKCS7B64
- X'06'
- PKCS7DER
|
66(42) (Cont.) |
RACDCERT (Cont.) |
4 |
Binary |
More flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- ALTIP
- 1
- ALTEMAIL
- 2
- ALTDOMAIN
- 3
- ALTURI
- 4
- KUHANDSHAKE
- 5
- KUDATAENCR
- 6
- KUDOCSIGN
- 7
- KUCERTSIGN
- Byte 1
- 0
- REKEY
- 1
- ROLLOVER
- 2
- FORCE
- 3
- ADDTOKEN
- 4
- DELTOKEN
- 5
- BIND
- 6
- UNBIND
- 7
- IMPORT
- Byte 2
- 0
- NISTECC
- 1
- BPECC
- 2
- KUKEYAGREE
- 3
- RSA
- 4
- PKDS
- 5
- TOKEN
- 6–7
- Reserved for IBM's use
- Byte 3
- 0–7
- Reserved for IBM's use
|
4 |
Binary |
SEQNUM |
87(57) |
RACMAP |
4 |
Binary |
Flags for keywords specified: - Bit
- Keyword specified
- Byte 0
- 0
- MAP
- 1
- DELMAP
- 2
- QUERY
- 3–7
- Reserved for IBM's use
- Byte 1
- 0–7
- Reserved for IBM's use
- Byte 2
- 0–7
- Reserved for IBM's use
- Byte 3
- 0–7
- Reserved for IBM's use
|
8 |
EBCDIC |
User ID |
32 |
EBCDIC |
Label name |
|
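The following is an added example, not IBM's code: it decodes the leading ALTUSER (event code 13) fields from the table above and separates privilege keywords that took effect from those RACF ignored. It assumes IBM bit numbering (bit 0 is the high-order bit of each byte), that the first five fields sit consecutively in the order the table lists them, and that EBCDIC text is code page 037; the sample bytes, the `PRIVILEGE_KEYWORDS` selection and all function names are constructed for illustration.

```python
"""Decode the leading fields of ALTUSER (event code 13) command data."""

# Keyword names in table order: byte 0 bit 0 first, byte 3 bit 7 last.
ALTUSER_KEYWORDS = (
    "DFLTGRP", "GROUP", "PASSWORD", "NOPASSWORD",
    "NAME", "AUTHORITY", "DATA", "GRPACC",
    "NOGRPACC", "UACC", "ADSP", "NOADSP",
    "OWNER", "SPECIAL", "NOSPECIAL", "OPERATIONS",
    "NOOPERATIONS", "CLAUTH", "NOCLAUTH", "AUDITOR",
    "NOAUDITOR", "OIDCARD", "NOOIDCARD", "REVOKE",
    "RESUME", "UAUDIT", "NOUAUDIT", "MODEL",
    "NOMODEL", "WHEN", "ADDCATEGORY", "DELCATEGORY",
)

# "Flags for other violations"; None marks bits reserved for IBM's use.
ALTUSER_VIOLATIONS = (
    "invoker lacks CLAUTH attribute of USER",
    "invoker lacks sufficient authority to group",
    "invoker lacks sufficient authority to user profile",
    None, "NOEXPIRED", "EXPIRED", None, None,
)

# Keywords a reviewer may want surfaced first (a choice made for this example).
PRIVILEGE_KEYWORDS = {"SPECIAL", "OPERATIONS", "AUDITOR", "CLAUTH"}

# 4 + 4 + 4 bytes of keyword flags, 1 byte of violations, 8 bytes of user ID.
HEADER_LEN = 4 + 4 + 4 + 1 + 8


def decode_flags(field, names):
    """Return the names whose bit is set; bit 0 is the most significant bit."""
    if len(names) != len(field) * 8:
        raise ValueError("name table does not match field width")
    value = int.from_bytes(field, "big")
    top = len(names) - 1
    return [n for i, n in enumerate(names) if n and (value >> (top - i)) & 1]


def parse_altuser(data):
    """Parse the first 21 bytes of ALTUSER command-related data."""
    if len(data) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} bytes, got {len(data)}")
    specified = decode_flags(data[0:4], ALTUSER_KEYWORDS)
    ignored_auth = decode_flags(data[4:8], ALTUSER_KEYWORDS)
    ignored_err = decode_flags(data[8:12], ALTUSER_KEYWORDS)
    ignored = set(ignored_auth) | set(ignored_err)
    sensitive = [k for k in specified if k in PRIVILEGE_KEYWORDS]
    return {
        "user_id": data[13:21].decode("cp037").rstrip(),
        "specified": specified,
        "ignored_authority": ignored_auth,
        "ignored_error": ignored_err,
        "violations": decode_flags(data[12:13], ALTUSER_VIOLATIONS),
        # Privilege keywords that were specified and not ignored.
        "granted_privileges": [k for k in sensitive if k not in ignored],
        # Privilege keywords that were specified but ignored by RACF.
        "denied_privileges": [k for k in sensitive if k in ignored],
    }


# Constructed sample: PASSWORD, SPECIAL, OPERATIONS and RESUME specified;
# OPERATIONS ignored for insufficient authority; violation bit 2 set.
SAMPLE = (
    bytes.fromhex("20050080")      # keywords specified
    + bytes.fromhex("00010000")    # ignored: insufficient authority
    + bytes.fromhex("00000000")    # ignored: error conditions
    + bytes.fromhex("20")          # other violations
    + "JSMITH".ljust(8).encode("cp037")
)

if __name__ == "__main__":
    for key, value in parse_altuser(SAMPLE).items():
        print(f"{key}: {value}")
```

The same `decode_flags` helper works for any other flag field in this table once its name tuple is filled in from the corresponding bit list.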