Basic structure of a role

Edit online

View a table that describes how the role data is structured.

Table 1. Access-control system: basic structure of a role

Access-control system: basic structure of a role. A table with three columns providing Offset, length and a description.
Offset Length (bytes) Description
00 01 Role structure major version number: X'01'.
01 01 Role structure minor version number: X'00'.
02 02 Role structure length (big endian).
04 20 Comment.

A 20-character variable padded on the right with spaces, containing a comment which describes the role. This variable is not null (X'00') terminated.
24 02 Checksum (big endian).

The checksum value is not used in the current role structure. It can be verified by the IBM® Cryptographic Coprocessor with a future version of the role structure.
26 02 Reserved (big endian): X'0000'.
28 08 Role ID.
36 02 Required authentication strength (big endian).

A 2-byte integer defining how secure the user authentication must be in order to authorize this role.
38 02 Lower time limit.

The earliest time of day that this role can be used. Format is h : m where:

Value
Meaning
h
Hour in 24-hour format (binary integer, 0 - 23).
m
Minute (binary integer, 0 - 59).
40 02 Upper time limit.

The latest time of day that this role can be used. Format is the same as lower time limit (offset 38).

If the lower time limit and upper time limit are identical, the role is valid for use at any time of the day.
42 01 Valid days of week (DOW):
Value
Meaning
B'0xxx xxxx'
Role cannot be used on Sunday.
B'1xxx xxxx'
Role can be used on Sunday.
B'x0xx xxxx'
Role cannot be used on Monday.
B'x1xx xxxx'
Role can be used on Monday.
B'xx0x xxxx'
Role cannot be used on Tuesday.
B'xx1x xxxx'
Role can be used on Tuesday.
B'xxx0 xxxx'
Role cannot be used on Wednesday.
B'xxx1 xxxx'
Role can be used on Wednesday.
B'xxxx 0xxx'
Role cannot be used on Thursday.
B'xxxx 1xxx'
Role can be used on Thursday.
B'xxxx x0xx'
Role cannot be used on Friday.
B'xxxx x1xx'
Role can be used on Friday.
B'xxxx xx0x'
Role cannot be used on Saturday.
B'xxxx xx1x'
Role can be used on Saturday.
B'xxxx xxx0'
Reserved (must be 0).
B'xxxx xxx1'
Undefined.
43 01 Reserved (X'00')
44 variable Access-control-point list (permitted or disallowed operations). The permitted operations are defined by the access control point list, described in Table 1.