Event 7( 7): DEFINE RESOURCE

This event is based on RACROUTE REQUEST=DEFINE,TYPE=DEFINE.

The explanations of the event code qualifiers for Event 7 are:

 0(0)
SUCCESSFUL DEFINITION
  • The user had sufficient authority to define the resource.
  • The SECLABEL class is active, SETROPTS MLACTIVE WARNING is in effect, and the user or the resource does not have a security label.
 1(1)
GROUP UNDEFINED The resource to be defined is a data set, and the high-level qualifier is not a valid group or user ID.
 2(2)
USER NOT IN GROUP The resource is a data set, RACFIND is not set to NO, the high-level qualifier is a group, and the user does not belong to that group.
 3(3)
INSUFFICIENT AUTHORITY One of the following occurred:
  • SETROPTS GENERICOWNER is in effect and defining the profile would violate GENERICOWNER rules.
  • For general resources, the user is not authorized to define profiles in the class.
  • The resource is a data set, and the high-level qualifier of the resource is a group or user ID. The user is not authorized to create a new data set by the generic profile protecting the new name, and the high-level qualifier of the new data set name is beyond the scope of the user.
  • The resource is an SFS file or directory, and the second qualifier is a user ID. The user is not authorized to create a new file or directory by the generic profile protecting the new name, and the second qualifier of the new file or directory name is beyond the scope of the user.

See z/OS Security Server RACF Security Administrator's Guide.

 4(4)
RESOURCE NAME ALREADY DEFINED The requested name already has a discrete profile defined. The return code of the DEFINE is 4.
 5(5)
USER NOT DEFINED TO RACF® The installation's naming convention routine has indicated that the high-level qualifier is a user ID that is not defined to RACF. One of the following occurred:
  • RACFIND is not set to NO.
  • The resource is protected by a generic or global profile, and the user does not have ALTER access to it.
 6(6)
RESOURCE NOT PROTECTED SETROPTS PROTECTALL FAILURES is in effect, and the data set to be defined is not protected by a profile.
 7(7)
WARNING—RESOURCE NOT PROTECTED SETROPTS PROTECTALL WARNINGS is in effect, and the data set to be defined is not protected by a profile. The DEFINE is allowed.
 8(8)
WARNING—SECURITY LABEL MISSING FROM JOB, USER, OR PROFILE The SECLABEL and TAPEVOL classes are active. SETROPTS MLACTIVE WARNING is in effect, and the TAPEVOL profile is without a security label. The DEFINE is allowed.
 9(9)
INSUFFICIENT SECURITY LABEL AUTHORITY The SECLABEL and TAPEVOL classes are active. SETROPTS MLS WARNING is in effect, and the user's security label does not dominate the one found in the TAPEVOL profile.

The DEFINE is allowed.

10(A)
USER IN SECOND QUALIFIER IS NOT RACF-DEFINED The second qualifier of the name is not a valid user ID.
11(B)
INSUFFICIENT SECURITY LABEL AUTHORITY The SECLABEL class is active, and one of the following occurred:
  • SETROPTS MLACTIVE FAILURES is in effect, and the user is missing a security label.
  • SETROPTS MLACTIVE FAILURES is in effect, and the resource is missing a security label.
  • The user's security label does not dominate the resource's.
  • SETROPTS MLS FAILURES is in effect, and the user's security label does not equal the resource's.
12(C)
LESS SPECIFIC PROFILE EXISTS WITH A DIFFERENT SECURITY LABEL The SECLABEL class is active, SETROPTS MLSTABLE is in effect, and there is a less specific generic profile existing for the name with a different security label.

Defining this resource would violate SETROPTS MLSTABLE rules.

Parent topic: Event code qualifiers