When a BAM/allocation comparison is requested, IRRUT200 performs
the following verifications:
- Every index entry name must have a valid length.
- If MAP ALL is requested, the names and segment types are checked
between the Level 1 regular index and the segments pointed to by the
RBAs.
- The logical length of profiles must be a multiple of 256 and must
be less than or equal to the allocated length as defined in the header
of the profile.
- The actual number of templates must be less than or equal to the space allocated for templates
in the inventory control block (ICB).
- The RBA of each template defined in the ICB must have these characteristics:
- It is a multiple of 4096.
- The first two bytes are zero.
- The last four bytes are nonzero.
- The RBA of each BAM block is a multiple of 4096, and its first two
bytes are zero.
- The count of BAM blocks in the ICB is greater than zero.
- The number of blocks defined by a BAM block is between 1 to 2008,
inclusive.
- Every regular index entry must have a nonzero segment count.
- Every alias index entry must have a length consistent with the
base profile data.
When a block does not meet all of these requirements, IRRUT200
prints a dump of the block in hexadecimal. An error message precedes
the dump.
Some of these messages are also printed. For an explanation of
these messages, see z/OS Security Server RACF Messages and Codes.
IRRUT200 produces an encoded map of each BAM block. Each map is identified by
a block number and its relative byte address (RBA), and contains byte
offsets to the coded masks within the block. The codes indicate the
type of block and the types of consistencies or inconsistencies that
exist between the actual allocation of data set segments and the status
of the segments as defined by the masks in the BAM blocks. Codes that
indicate normal conditions and their meanings are as follows:
- Symbol
- Meaning
- *
- The segment is defined as allocated by the BAM and is actually
allocated.
- 0
- The segment is defined as unallocated by the BAM and is actually
unallocated.
- B
- Refers to a BAM block. This symbol implies an asterisk (*).
- F
- Refers to the first block (ICB). This symbol implies an asterisk
(*).
- I
- Refers to an index block with the level in the next positions.
This symbol implies an asterisk (*).
- S
- Refers to a segment table block. This symbol implies an asterisk
(*).
- T
- Refers to a template block. This symbol implies an asterisk (*).
- /
- Undefined space. The BAM block is capable of mapping more space
than is defined to the data set. This space is not defined to the RACF® data set.
Codes that indicate problems and their meanings are
as follows:
- Symbol
- Meaning
- $
- Refers to a template or other special block that is defined as
unallocated but is actually allocated.
- ?
- Refers to a block that is defined as allocated and is actually
allocated. The block is not valid, so its type is unknown.
- %
- Refers to a block that is defined as unallocated but is actually
allocated. The block is not valid, so its type is unknown.
- @
- The segment is defined as allocated but is pointed to by more
than one entry in the index block.
- #
- The segment is defined as unallocated but is pointed to by more
than one entry in the index block.
- .
- The segment is defined as allocated by the BAM but is actually
unallocated. This condition will be corrected the next time you rebuild
the data set with the IRRUT400 utility.
- +
- The segment is defined as unallocated by the BAM but is actually
allocated.
- –
- Refers to an index, BAM, or first block that is defined as unallocated
but is actually allocated.
For some of the problem indicator symbols, it might be useful to
run the IRRUT400 utility to rebuild the RACF data
set. See Diagnostic capability. For other problem
indicator symbols, it is necessary to delete the data (using RACF commands or BLKUPD) and then
add the data back using RACF commands.
For more information about diagnosis, the format of the RACF database, and BLKUPD, see z/OS Security Server RACF Diagnosis Guide.
You can use the indicator symbols for normal conditions to determine
when it is appropriate to run the IRRUT400 utility to rebuild a RACF data set. You should rebuild
a RACF data set when it is
running out of usable space, which can occur when there is little
space available, or when the space that is available is too fragmented
to be usable. The encoded map that IRRUT200 produces with MAP ALL
specified specifies what percentage of the data set's space is in
use, indicating how much space is available. You can determine how
fragmented the available space is by looking at the map of the BAM
blocks. In the example shown in
Figure 1,
the large number of contiguous 0s indicates that there is plenty of
contiguous space available in this data set, and little fragmentation.
On the other hand, fragmentation would be evident if the mappings
that appear as:
00000000 00000000 00000000 00000000 ...
instead
appeared something like:
***0**** *0*0**** ***0***0 *00**0** ...
In
this fragmented case, profile creations or updates might soon fail
because there is not enough contiguous space to accommodate new or
larger profiles. Whenever there is little usable space based on the
percentage used or based on fragmentation, you should enlarge or
rebuild the data set using IRRUT400.
Following the encoded blocks, IRRUT200 prints a table of conflict
messages that lists the first 200 locations of possible conflicts
in the BAM blocks. These messages locate the inconsistencies by referencing
the corresponding block, byte, and bit of the encoded mappings. Each
word of the encoded map represents one byte of the BAM block. The
relative byte address (RBA) of the storage represented by the bit
is also included.
IRRUT200 also provides the following summary statistics concerning the RACF data set:
- The number of BAM blocks defined in the ICB
- The RBA of the last BAM block that defines used space
- The total number of index blocks in the data set
- The total number of level one index blocks
- The number of profiles of each type in the data set
- The percentage of space used in the RACF data set
IRRUT200 produces an encoded map for every BAM block, whether inconsistencies
are found or not. As an option, you can request that the encoded maps
for an entire RACF data set
be printed. If inconsistencies are found, a table of conflict messages
follows.
See Figure 1 for a sample printout
of the encoded map that IRRUT200 produces with MAP ALL specified.
Figure 1. Sample output of encoded
BAM map produced by IRRUT200 **** BAM BLOCK VERIFICATION ****
0 **** SYMBOL LEGEND ****
* BAM=ALLOC , ACTUAL=ALLOC
0 BAM=UNALLOC , ACTUAL=UNALLOC
. BAM=ALLOC , ACTUAL=UNALLOC
+ BAM=UNALLOC , ACTUAL=ALLOC
I INDEX BLOCK WITH LEVEL IN NEXT POSITIONS
B BAM BLOCK
T TEMPLATE BLOCK
S SEGMENT TABLE BLOCK
F FIRST BLOCK (ICB)
- BAM=UNALLOC , ACTUAL=ALLOC I,B,OR F BLK
$ BAM=UNALLOC , ACTUAL=ALLOC SPECIAL BLK
? BAM=ALLOC , ACTUAL=ALLOC UNKNOWN BLK
% BAM=UNALLOC , ACTUAL=ALLOC UNKNOWN BLK
@ BAM=ALLOC , DUPLICATE ALLOCATION
⋮
# BAM=UNALLOC , DUPLICATE ALLOCATION
/ UNDEFINED STORAGE
-BLOCK 000 RBA 00000000C000
014 FFFFFFFF FFFFFFFF TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT
021 TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT TTTTTTTT SSSSSSSS SSSSSSSS BBBBBBBB BBBBBBBB
02E ******** ******** I1111111 11111111 ******** ******** ******** ******** ******** ******** ******** ******** ********
03B ******** ******** ******** ******** ******** ******** ******** ******** *******0 00000000 00000000 00000000 00000000
048 I1111111 11111111 I2222222 22222222 ******** ******** ******** ******** ******** ******** ******** ******** *****000
055 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
062 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
06F 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
07C 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
089 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
096 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
⋮
542 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
54F 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
55C 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
569 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
576 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
583 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
590 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
59D 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5AA 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 //////// //////// ////////
5B7 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
5C4 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
5D1 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
5DE //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
5EB //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
5F8 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
605 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
⋮
F1C //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F29 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F36 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F43 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F50 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F5D //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F6A //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F77 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F84 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F91 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
F9E //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FAB //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FB8 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FC5 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FD2 //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FDF //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FEC //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// //////// ////////
FF9 //////// //////// //////// //////// //////// //////// ////////
**** MAP FUNCTION STATISTICS ****
NUMBER OF BAM BLOCKS DEFINED 001
LAST BAM THAT DEFINES USED SPACE - RBA 00000000C000
RACF DATA SET IS 4 PERCENT FULL.
TOTAL NUMBER OF INDEX BLOCKS IN RACF DATA SET 00000003
TOTAL NUMBER OF LEVEL 01 BLOCKS IN RACF DATA SET 00000002
NUMBER OF GROUP ENTRIES - 0000003
NUMBER OF USER ENTRIES - 0000016
NUMBER OF DATASET ENTRIES - 0000002
NUMBER OF DASDVOL ENTRIES - 0000003
NUMBER OF DIGTCERT ENTRIES - 0000025
NUMBER OF SECLABEL ENTRIES - 0000004
z/OS Security Server RACF System Programmer's Guide
Copyright IBM Corporation 1990, 2014