RACF DETECTED AN INVALID
NON-EGN DATASET PROFILE NAME. PROFILE profile-name DOES
NOT PROTECT THE INTENDED RESOURCES.
Explanation
RACF® detected
a profile that was added before the enablement of Enhanced Generic
Names (EGN) and that cannot be interpreted as intended under EGN rules.
This message identifies the non-EGN generic data set profile name.
Under EGN rules, the profile might not protect the resources that
it was defined to protect. If this message is issued during processing
of a SEARCH or LISTDSD GENERIC request, bad profile names (particularly
names 43 and 44 characters in length) might also be displayed and
the output is considered unreliable.
For example, suppose the
following six generic data set profiles were defined before turning
EGN on:
1 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.D.*'
2 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.DD*'
3 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.D.*'
4 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.DD*'
5 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.XX.D.D.*'
6 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.XX.D.DD*'
Then EGN was enabled and three more generic data set profiles
were defined:
7 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.**'
8 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.**'
9 ADDSD 'IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.**'
A subsequent SEARCH request would display the following information:
SEARCH CLASS(DATASET)
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.D.*
DOES NOT PROTECT THE INTENDED RESOURCES.
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.DD*
DOES NOT PROTECT THE INTENDED RESOURCES.
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.D.*
DOES NOT PROTECT THE INTENDED RESOURCES.
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.DD*
DOES NOT PROTECT THE INTENDED RESOURCES.
A IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.D.*.* (G)
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.D.*
DOES NOT PROTECT THE INTENDED RESOURCES.
B IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.DD*.* (G)
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.XX.D.DD*
DOES NOT PROTECT THE INTENDED RESOURCES.
C IBMUSER.IBMUSER.IBMUSER.IBMUSER.U.** (G)
D IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.D.* (G)
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.D.*
DOES NOT PROTECT THE INTENDED RESOURCES.
E IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.DD* (G)
IRR416I RACF DETECTED AN INVALID NON-EGN DATASET PROFILE NAME.
PROFILE IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.XX.D.DD*
DOES NOT PROTECT THE INTENDED RESOURCES.
F IBMUSER.IBMUSER.IBMUSER.IBMUSER.US.** (G)
G IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.XX.D.D.* (G)
H IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.XX.D.DD* (G)
I IBMUSER.IBMUSER.IBMUSER.IBMUSER.USE.** (G)
RACF command processing
might cause the IRR416I message to be issued more than once. However,
any time it is issued during a command invocation, the command output
must be considered unreliable. In the example above, changes in EGN
rules might cause RACF to incorrectly
interpret non-EGN profiles (1) and (2) as SEARCH profiles (A) and
(B). These profiles no longer cover the intended resources. Even
though names (D) and (E) appear correct, with no additional characters
at the end, they also do not cover the intended resources and cause
IRR416I messages to be issued. EGN profiles (7), (8), and (9) were
correctly displayed by SEARCH as (C), (F), and (I). Profiles (G)
and (H) follow the same rules under non-EGN and EGN, so they actually
protect what they were intended to protect.
System action
RACF processing
of the request continues.
Operator response
Report this message to the systems programmer
or the RACF security administrator
and save the message output.
Programmer response
See "Problem Determination."
Problem determination
This message identifies the bad profile.
An
EGN profile, possibly less specific, can be defined to protect the
wanted resources; however, the original bad non-EGN profile must still
be deleted to prevent further IRR416I messages.
To delete bad
profiles:
- Use SETROPTS NOEGN to temporarily disable EGN. During this time,
there is no other system activity, in order to prevent the creation
of generic profiles that can result in additional problems. Under
normal circumstances, it is not recommended that EGN be turned off
after it is turned on.
- Use SEARCH GENERIC CLIST NOMASK NOLIST to create a CLIST containing
generic data set profile names.
- Edit the CLIST, to find 42- and 43-character names ending in '.*'.
- Delete the profiles found.
- Use SETROPTS EGN to re-enable EGN.
- Define profiles according to EGN rules that protect the resources
intended to be protected by the non-EGN profile names.
Routing code
9 and 11
Routing code 11 is only used when
a TSO environment is not in effect.
Descriptor code