As a general rule, use IRRUT200 to create a database copy,
if the output database is the same size and on a device with the same
track geometry as the input database. However, if you need to
produce a copy of a database of a different size from your original,
or on a different device type (for example, 3390 to 3380), you must use
IRRUT400.
In cases where IRRUT200 has detected errors on upper level blocks
only, or an analysis of IRRUT200's BAM block mappings has shown that
significant fragmentation has occurred, use IRRUT400 to perform the
copy. When IRRUT400 copies a database, it rebuilds it, recreating
upper level index blocks and reorganizing profiles so that there is
no fragmentation. The profile reorganization makes all the segments
of a single profile (for example a user profile's base, TSO, and CICS® segments) contiguous.
The reorganization that IRRUT400 performs can improve performance
by reducing the number of database reads required to read profiles.
As a profile is updated over time, its segments are likely to be written
to different physical blocks in the database. You can see this by
looking at the output of the IRRUT200 INDEX FORMAT function and noting
the RBA of each profile segment. RACF® reads
the database one 4K block at a time, so the fewer the number of 4K
blocks a profile's segments are spread across, the fewer the number
of reads required to access all of them, and the better the performance
of RACF functions that require
database profile access.
For RACF databases consisting
of multiple data sets, one IRRUT400 invocation can process one or
more of the data sets.
The target of the copy can not be an active RACF database. If you specify an active primary
or backup data set on the system on which IRRUT400 is running, the
utility fails. If you need to refresh an active RACF database, use RVARY to deactivate the database
before running IRRUT400. After utility processing completes, use RVARY
to activate the database.
You can copy an active RACF database,
but if you do, you must either specify LOCKINPUT or guarantee that
no updates will occur to the input data sets from any system. There
are three ways to copy an active database using this utility.
- Specify the LOCKINPUT parameter.
This method is preferred.
It creates an accurate output database and guarantees that no information
is lost before you are able to use the new copy as your active database.
Using the LOCKINPUT parameter stops you from writing information,
other than statistical updates, to the input database. If you attempt
to write to the database while IRRUT400 is running, RACF generates ABEND483 RC50, or ABEND485 RC50
errors.
Attempts to write to the database result not only
from explicit commands like RALTER, but also from a specific logon
attempt. For instance, a logon causes a write to the database and
fails if:
- This is your first logon of the day and RACF is not in data sharing mode
- The password is being changed
- You are entering the correct password after previously entering
an incorrect password
If the LOCKINPUT keyword is specified, you will be unable
to update the input data sets after the execution of this utility.
(See Specifying parameters.)
LOCKINPUT
leaves the input database locked to prevent any updates to the input
database. If the input database were unlocked when IRRUT400 completed,
it might get updated and, therefore, be out of sync with the new copy.
If you do not want to switch to the new copy, you must invoke IRRUT400
again with, this time with the UNLOCKINPUT parameter, to unlock the
input database so it can be updated.
- Specify the NOLOCKINPUT parameter.
Specifying the NOLOCKINPUT
parameter does not prevent you from updating the input database.
- If updates occur to the input database during the copy operation,
the results of the utility and the content of the output database
are unpredictable. The updates might be successful, an abend might
occur, or the output database might become corrupted.
- If updates occur to the input database after the copy completes,
the output database is complete and consistent. However, it does not
reflect any of the updates you made to the input database. If you
plan to use the output database and want to avoid losing information,
you should be sure that no changes are made between the time that
you make the copy and the time RACF begins
using it.
- Use IRRUT200 first, then use IRRUT400, in a two stage process:
- Stage 1: Use IRRUT200
Use IRRUT200 to make a copy of a data
set from the input database. This copy must be the same size and on
a device with the same geometry as the input data set. You can use
IRRUT200 only to copy one data set at a time. If the RACF database is comprised of three data sets,
for example, you must invoke the utility three times to copy all
the data sets.
Because IRRUT200 uses ENQ or RESERVE serialization
while it copies a data set, updates to the data set are delayed briefly
until the copy is completed. See RACF database verification utility program (IRRUT200) for
more information.
- Stage 2: Use IRRUT400
Use IRRUT400 against the new copy
of the database. You can specify the NOLOCKINPUT parameter because
the copy is not an active RACF database.
This option avoids the errors that are possible by using
option 1 and avoids the unpredictable results that might occur by
using option 2. However, to avoid losing information, you must be
sure that no changes are made between the time that you make the
copy and the time RACF begins
using it.
If you have a split database, you should not issue
any user or group administration commands until all the IRRUT200 copies
are complete. Issuing these commands can cause inconsistencies between
user and group profiles on the IRRUT400 output database.