z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF

Determining space requirements for the profiles

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

The formula for calculating the space required for each segment (Base RACF® information, TSO, DFP, and so on) of each profile in the RACF database is as follows:

P = 20 + L + F1 + F4 + R

Where:

Space required
P = The number of bytes required for a profile segment
L = The number of bytes in the profile name
F1 = The sum of the lengths of all fields that contain data and have a length of 1 to 127 bytes, plus 2 bytes for every field counted.

For example, if a segment contains 3 non-null fields of length 8, F1 = (3 * 8) + (3 * 2) = 24 + 6 = 30.

F4 = The sum of the lengths of all fields that contain data and have a length of 128 to 2**31 bytes, plus 5 bytes for every field counted.

For example, if a segment contains a non-null field 150 bytes long and a non-null field 255 bytes long, F4 = 150 + 255 + (2 * 5) = 150 + 255 + 10 = 415

R = The sum of the lengths of all repeat groups. If a repeat group has no occurrences, then it has a length of 0 bytes. If a repeat group has 1 or more occurrences, then the length of each repeat group is calculated as follows:

9 + N + G1 + G4

N = The number of occurrences of the group.

G1 = The sum of the lengths of all fields in the group, which have a length of 1 to 127 bytes, plus 1 byte for every field counted. If a field has a length of zero, it will still take up 1 byte in the profile.

G4 = The sum of the lengths of all fields in the group, which have a length of 128 to 2**31 bytes, plus 4 bytes for every field counted.

For example, consider a group with two occurrences. Each occurrence contains an 8-byte field and a variable length field. In the first occurrence, the variable length field is 30 bytes and in second occurrence, it is 200 bytes. The length of the group is: 9 + 2 + G1 + G4

G1 is (8 + 1) + (30 + 1) from the first occurrence and (8 + 1) from the second, for a total of 49 bytes. G4 is (200 + 4) from the second occurrence, or 204 bytes. So, the length of the group is 9 + 2 + 49 + 204, or 264 bytes.

Note: For each repeat group (except CGGRPCT in the USER profile), the amount of data can not exceed 65 535 bytes to ensure proper processing by programs retrieving the data using ICHEINTY with DATAMAP=OLD. To calculate the amount of data to determine whether it will fit within this limit, examine the template definitions for the repeat group and the data for that repeat group contained within the profile. For each fixed length field in each occurrence of the repeat group add the length of the field as shown in its template definition. For each variable length field in each occurrence of the repeat group add the length of the data in the field plus one. When you are done, the total cannot exceed 65 535.

For example, this would translate into a maximum of 8191 group connections per user, based on the CONGRPCT repeat group in the USER template. This group contains one 8-byte field, making the calculation of the limit a simple one of dividing 65 535 by 8 and dropping any remainder.

As another example, this would translate into a maximum of 5957 users connected to a group, based on the ACLCNT repeat group in the GROUP template. This group contains one 8-byte field (USERID), one 1-byte field (USERACS), and one 2-byte field (ACSCNT). This gives a total length of eleven for the fixed-length fields in each occurrence. Dividing 65 535 by 11 and dropping the remainder gives the limit of 5957.

When calculating F1 and F4, remember that statistical fields (Flag1/bit 7 on, in the template definition) are always stored in a profile segment, even when the field contains a null value. For example, LJTIME always adds 3 bytes to the length of a USER profile Base segment, regardless of whether it contains a zero value or some other value. Other fields only exist in the segment if a specific value has been added for that field.

Note: The RACF database space required for a segment is a multiple of the 256-byte slots required to contain the segment. For example, if a USER profile Base segment contains 188 bytes of data, it still requires 256 bytes of space in the RACF database.