Explanation
RACF® encountered
an error for entry entry-name while building the
dynamic class descriptor table. The entries used to build this table
are taken from the class definitions in the CDT general resource
class. Error code yy identifies the problem as
follows:
- Code
- Description of error
- 1
- Incorrect class name.
- 2
- The field that defines the length of the class name (MAXLENGTH
or MAXLENX) is incorrect. The valid range is 1 to 246.
- 3
- The MAXLENX value must be greater than or equal to the MAXLENGTH
value.
- 4
- The maximum number of classes in the static class descriptor
table (ICHRRCDX and ICHRRCDE) and the dynamic class descriptor table
are exceeded. The maximum number of classes allowed is 1024.
- 5
- Incorrect or missing POSIT number. The valid range is 0 to 1023.
- 6
- One of the following conditions:
- A grouped class specifies a member that does not exist in the
class descriptor table or is incorrect, or a member class specifies
a group that does not exist in the class descriptor table or is incorrect.
- A pair of classes reference each other, but neither is a grouping
class or both are grouping classes.
- 7
- One of the reserved class names (USER, GROUP, or DATASET) appears
in the class table.
- 8
- An entry in the dynamic class descriptor table has a class name
with the same name as an entry in the table supplied by IBM®.
- 9
- The class specifies both MEMBER and GROUP, but they are mutually
exclusive.
- 10
- Incorrect DEFAULTRC value. The valid values are 0, 4, and 8.
- 11
- Incorrect KEYQUALIFIERS value. The valid range is 0 to 123.
- 12
- SIGNAL(YES) is not valid with RACLIST(DISALLOWED).
- 13
- CDTINFO segment is missing.
- 14
- A class of the same name is also in the installation-defined class
descriptor table (ICHRRCDE) and one of the following conditions is
true:
- The member class name in the dynamic class is different from the
member class name in the installation-defined class.
- The grouping class name in the dynamic class is different from
the grouping class name in the installation-defined class.
- The dynamic class is a grouping class and the installation-defined
class is not a grouping class.
- The dynamic class is a member class and the installation-defined
class is not a member class.
- 15
- GENERIC(DISALLOWED) is not valid with GENLIST(ALLOWED).
- 16
- There are too many profiles in the CDT class for the SETROPTS
command to process. Any remaining entries are not processed.
Note: This message is displayed in uppercase when issued
to the operator console.
System action
The named entry is not placed in the dynamic
class descriptor table, so the class is not available for RACF processing.
User response
Examine the profile entry-name in
the CDT general resource class. If it was created incorrectly with
a wrong name, delete the profile and create it with the correct name.
The name cannot be USER, GROUP, DATASET, or any class in the IBM-supplied
class descriptor table. For the list of classes in the IBM-supplied
table, see z/OS Security Server RACF Macros and Interfaces.
If the profile was created with an incorrect value in a CDTINFO field
(such as MEMBER, GROUP, MAXLENGTH), use the RALTER command to correct
the field and rebuild the dynamic class descriptor table. If the profile
was created with no CDTINFO segment, use the RALTER command to add
the CDTINFO segment with appropriate information, and then rebuild
the dynamic class descriptor table.
Routing code
Descriptor code