z/OS Security Server RACF Messages and Codes
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


ICH14079I

z/OS Security Server RACF Messages and Codes
SA23-2291-00

ICH14079I
RACF detected an error in the dynamic class descriptor table, entry entry-name, error code yy.

Explanation

RACF® encountered an error for entry entry-name while building the dynamic class descriptor table. The entries used to build this table are taken from the class definitions in the CDT general resource class. Error code yy identifies the problem as follows:

Code
Description of error
1
Incorrect class name.
2
The field that defines the length of the class name (MAXLENGTH or MAXLENX) is incorrect. The valid range is 1 to 246.
3
The MAXLENX value must be greater than or equal to the MAXLENGTH value.
4
The maximum number of classes in the static class descriptor table (ICHRRCDX and ICHRRCDE) and the dynamic class descriptor table are exceeded. The maximum number of classes allowed is 1024.
5
Incorrect or missing POSIT number. The valid range is 0 to 1023.
6
One of the following conditions:
  • A grouped class specifies a member that does not exist in the class descriptor table or is incorrect, or a member class specifies a group that does not exist in the class descriptor table or is incorrect.
  • A pair of classes reference each other, but neither is a grouping class or both are grouping classes.
7
One of the reserved class names (USER, GROUP, or DATASET) appears in the class table.
8
An entry in the dynamic class descriptor table has a class name with the same name as an entry in the table supplied by IBM®.
9
The class specifies both MEMBER and GROUP, but they are mutually exclusive.
10
Incorrect DEFAULTRC value. The valid values are 0, 4, and 8.
11
Incorrect KEYQUALIFIERS value. The valid range is 0 to 123.
12
SIGNAL(YES) is not valid with RACLIST(DISALLOWED).
13
CDTINFO segment is missing.
14
A class of the same name is also in the installation-defined class descriptor table (ICHRRCDE) and one of the following conditions is true:
  • The member class name in the dynamic class is different from the member class name in the installation-defined class.
  • The grouping class name in the dynamic class is different from the grouping class name in the installation-defined class.
  • The dynamic class is a grouping class and the installation-defined class is not a grouping class.
  • The dynamic class is a member class and the installation-defined class is not a member class.
15
GENERIC(DISALLOWED) is not valid with GENLIST(ALLOWED).
16
There are too many profiles in the CDT class for the SETROPTS command to process. Any remaining entries are not processed.
Note: This message is displayed in uppercase when issued to the operator console.

System action

The named entry is not placed in the dynamic class descriptor table, so the class is not available for RACF processing.

User response

Examine the profile entry-name in the CDT general resource class. If it was created incorrectly with a wrong name, delete the profile and create it with the correct name. The name cannot be USER, GROUP, DATASET, or any class in the IBM-supplied class descriptor table. For the list of classes in the IBM-supplied table, see z/OS Security Server RACF Macros and Interfaces. If the profile was created with an incorrect value in a CDTINFO field (such as MEMBER, GROUP, MAXLENGTH), use the RALTER command to correct the field and rebuild the dynamic class descriptor table. If the profile was created with no CDTINFO segment, use the RALTER command to add the CDTINFO segment with appropriate information, and then rebuild the dynamic class descriptor table.

Routing code

2 and 9

Descriptor code

4

Parent topic: SETROPTS command messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014