For an overview of how segment and field entries are used, see R_admin update functions.
For the R_admin update functions, the caller provides segment
and field entries to identify the segment(s) and field(s) which should
be added, altered, deleted, or listed. For SETROPTS extract, RACF® returns a BASE segment entry
and field entries in the same way.
A segment entry is mapped as follows:
Table 1. Segment entry
mapping| Offset |
Length |
Description |
|---|
| 0 |
8 |
Profile segment name (left-justified, uppercase,
and padded with blanks). The segment name must be one of the documented
segments for the profile type in question. |
| 8 |
1 |
Flag byte. See Table 2 for
information on flag usage. |
| 9 |
2 |
Number of field entries within the segment. |
| 11 |
* |
First field entry for the segment. |
For user and group delete functions, no segment data is expected.
The number of segments should be zero. If non-zero, any segment data
present is ignored.
For list functions, the caller must provide a segment entry for
each segment which is to be listed (including the BASE segment). The
command output for the segments is returned in the order in which
the segment entries were supplied, except that the BASE segment is
always returned first.
The following table describes the flag byte usage:
Table 2. Flag byte usage| Flag byte value |
Description |
|---|
| "Y" |
- For add functions, create the segment
- For alter functions, create or modify the segment
- For list functions, display the segment
|
| "N" |
- For add functions, do not create the segment (This usage is optional.
You can simply omit the segment entry.)
- For alter functions, delete the segment
|
| "I" |
- For add and alter functions, ignore this segment entry and any
field entries within it
- For resource list functions, ignore this segment entry (do not
display the segment)
|
Note: - For a value of "N", and for user and group list functions, no
field data is expected, and the number of fields specified in the
segment entry should be zero. If non-zero, any field data present
is ignored.
- The flag byte is ignored for the BASE segment.
- The flag byte is ignored for all delete functions.
- For some uses of "Y", you are not necessarily creating or altering
a segment, but are simply providing the segment entry as a means to
contain field entries. For example, the resource functions require
a BASE segment entry containing, at a minimum, a field entry for the PROFILE
field to identify the target profile name. This usage is highlighted
on the resource delete and list functions. Here, some fields correspond
to command keywords but not necessarily to database fields (For example,
the GENERIC "field" for data sets, or the AUTHUSER "field" for general
resources and data sets).
Each field entry is mapped as in
Table 3.
Note: Repeating data is specified as blank or comma delimited character
strings.
The following table describes the flag byte usage:
Table 4. Flag byte usage| Flag byte value |
Boolean field descriptions |
Text field descriptions |
Repeating text field descriptions |
|---|
| "Y" |
Set the value to TRUE |
Create or modify the field with the specified
data |
Create or replace the field with the specified
data |
| "A" |
N/A |
N/A |
Add the specified data to the existing data,
if any |
| "D" |
N/A |
N/A |
Delete the specified data from the existing
data |
| "N" |
Set the value to FALSE |
For alter functions, delete the field. Otherwise,
N/A. |
Remove all data from the field |
| "I" |
Ignore the field
entry |
Note: - For boolean fields, no field data is allowed. Coding field data
results in an "Invalid Request" error being returned to the caller.
- For flag byte 'N', any field data specified is ignored.
- For flag byte 'A', field data must be specified. If field data
is not specified, an "Invalid Request" error is returned to the caller.
z/OS Security Server RACF Callable Services
Copyright IBM Corporation 1990, 2014