z/OS Security Server RACF Security Administrator's Guide


Using the dynamic CDT

SA23-2289-00

Entries in the dynamic CDT are used to add, change, or delete installation-defined classes. These are optional CDT entries that are created when you define profiles in the CDT general resource class. The names of the profiles in the CDT class become the names of your new classes in the dynamic CDT.

Sample procedures for administering (adding, changing, and deleting) dynamic classes are included in this topic. The tasks of adding and changing dynamic classes utilize the RDEFINE and RALTER commands to define and modify attributes of CDT class profiles. You use the SETROPTS RACLIST(CDT) and SETROPTS RACLIST(CDT) REFRESH commands to build entries in the dynamic CDT. These commands effectively transform CDT profiles into RACF® classes. The names of RACF classes created in this way (dynamic classes) can be used in RACF commands and the RACROUTE macro, just as you would use any other RACF class name.

Once you create the dynamic CDT by executing the SETROPTS RACLIST(CDT) command, it remains active until you disable it. (See Disabling the dynamic CDT.) When you restart your system, RACF automatically rebuilds the dynamic CDT using attributes from CDT class profiles in the RACF database. As with other RACF classes, if you activate SETROPTS class options for a dynamic class before a system restart, RACF automatically activates those SETROPTS class options after a restart.

Restriction: The number of classes you can define in the dynamic CDT is limited by the total number of entries in the class descriptor table. The maximum total number of entries is 1024 and includes entries for the following classes:
  • Classes supplied by IBM® in ICHRRCDX
  • Classes your installation defines in ICHRRCDE
  • Classes you define in the dynamic CDT

To list all RACF classes defined on your system, including dynamic classes, you can use the Data Security Monitor (DSMON) to produce the Class Descriptor Table Report. See z/OS Security Server RACF Auditor's Guide for more information about DSMON.

To list all CDT class profiles on your system, execute the SEARCH CLASS(CDT) command. This list of profiles might differ from the list of dynamic classes generated by the DSMON Class Descriptor Table Report for one of the following reasons:
  1. Some profiles in the CDT class might have been added after the most recent SETROPTS RACLIST(CDT) REFRESH command was issued. Profiles added in this way are defined on your system but are not active classes.
  2. Profiles in the CDT class might have been defined with errors that prevented the classes from being added to the dynamic CDT.
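The add, refresh, and verify flow described above, as an added REXX example that is not one of IBM's sample procedures. The class name #AUDTST and the CDTINFO values (including POSIT 303) are constructed for illustration, and the exec assumes the dynamic CDT is already active and that the user is authorized to issue these commands.

```rexx
/* REXX - added example, not IBM's sample procedure.                 */
/* #AUDTST, POSIT(303) and the other CDTINFO values are constructed; */
/* choose values that fit your installation.                         */
address tso
newclass = "#AUDTST"

/* 1. Define the class as a profile in the CDT class. The profile    */
/*    name becomes the class name.                                   */
"RDEFINE CDT" newclass "UACC(NONE)",
  "CDTINFO(DEFAULTUACC(NONE) FIRST(ALPHA,NATIONAL)",
  "OTHER(ALPHA,NUMERIC,NATIONAL) MAXLENGTH(42)",
  "POSIT(303) RACLIST(DISALLOWED))"
if rc <> 0 then do
  say "RDEFINE failed, rc="rc
  exit rc
end

/* 2. Rebuild the dynamic CDT. Until this runs, the profile is       */
/*    defined but is not an active class (reason 1 in the list).     */
"SETROPTS RACLIST(CDT) REFRESH"
if rc <> 0 then do
  say "SETROPTS RACLIST(CDT) REFRESH failed, rc="rc
  exit rc
end

/* 3. List the CDT class profiles and confirm the new one is there.  */
call outtrap "line."
"SEARCH CLASS(CDT)"
call outtrap "off"
found = 0
do i = 1 to line.0
  if strip(line.i) = newclass then found = 1
end
if \found then do
  say newclass "is not in the SEARCH CLASS(CDT) output"
  exit 8
end

/* 4. Use the new class name in a RACF command. A failure here       */
/*    suggests the profile was defined with errors and was not       */
/*    added to the dynamic CDT (reason 2 in the list).               */
"SETROPTS CLASSACT("newclass")"
if rc <> 0 then
  say "Class" newclass "was not activated, rc="rc"; check the CDT profile"
else
  say "Class" newclass "is defined in the dynamic CDT and active"
exit rc
```

A profile that appears in step 3 proves only that the CDT profile exists; the DSMON Class Descriptor Table Report remains the authoritative list of classes that are actually in the class descriptor table.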





Copyright IBM Corporation 1990, 2014