z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


General template for the RACF database

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

The general template describes the fields of general resource profiles in a RACF® database.

NOT programming interface information
End of NOT programming interface information End of NOT programming interface information
End of NOT programming interface information
Note:
  1. Application developers should not depend on being able to use RACROUTE REQUEST=EXTRACT for the BASE segment fields on any security product other than RACF. These products are expected to support only such segments as DFP and TSO.
  2. The TME segment fields are intended to be updated by Tivoli® applications, which manage updates, permissions, and cross-references among the fields. The TME fields should only be directly updated on an exception basis. See z/OS Security Server RACF Command Language Reference for formats of the field data as enforced by the RACF commands. Use caution when directly updating TME fields, as the updates might be overridden by subsequent actions of Tivoli applications.

The contents of the general template are as follows:

Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the BASE segment of the GENERAL template.
GENERAL 001 00 00 00000000 00    
ENTYPE 002 00 00 00000001 05 Int The number (5) corresponding to profiles for resources defined in the class descriptor table.
VERSION 003 00 00 00000001 01 Int The version field from the profile. Always X'01'.
CLASTYPE 004 00 00 00000001 FF Int The class to which the resource belongs (from the ID=class-number operand of the ICHERCDE macro).
DEFDATE 005 00 20 00000003 FF Date The date the resource was defined to RACF.
OWNER 006 00 00 00000008 FF Char The owner of the resource.
LREFDAT 007 01 20 00000003 FF Date The date the resource was last referenced.
LCHGDAT 008 01 20 00000003 FF Date The date the resource was last updated.
ACSALTR 009 01 00 00000002 FF Int The number of times the resource was accessed with ALTER authority.
ACSCNTL 010 01 00 00000002 FF Int The number of times the resource was accessed with CONTROL authority.
ACSUPDT 011 01 00 00000002 FF Int The number of times the resource was accessed with UPDATE authority.
ACSREAD 012 01 00 00000002 FF Int The number of times the resource was accessed with READ authority.
UACC 013 20 80 00000001 00 Bin The universal access authority for the resource.
Bit
Meaning when set
0
ALTER access
1
CONTROL access
2
UPDATE access
3
READ access
4
EXECUTE access
5–6
Reserved for IBM's use
7
NONE access.
AUDIT 014 20 00 00000001 00 Bin Audit flags.
Bit
Meaning when set
0
Audit all accesses
1
Audit successful accesses
2
Audit accesses that fail
3
No auditing
4–7
Reserved for IBM's use
LEVEL 015 20 00 00000001 00 Int Resource level.
GAUDIT 016 20 00 00000001 00 Bin Global audit flags.
Bit
Meaning when set
0
Audit all accesses
1
Audit successful accesses
2
Audit accesses that fail
3
No auditing
4–7
Reserved for IBM's use
INSTDATA 017 00 00 00000000 00 Char Installation data; maximum length = 255.
GAUDITQF 021 00 00 00000001 FF Bin Global audit FAILURES qualifier.
The AUDITQS, AUDITQF, GAUDITQS, and GAUDITQF fields have the following format:
Value
Meaning
X'00'
Log access at READ authority
X'01'
Log access at UPDATE authority
X'02'
Log access at CONTROL authority
X'03'
Log access at ALTER authority
AUDITQS 018 00 00 00000001 FF Bin Audit SUCCESS qualifier. (Audit options specified by a user with the AUDITOR or group-AUDITOR attribute.)
Bit
Meaning when set
0
Audit all accesses
1
Audit successful accesses
2
Audit accesses that fail
3
No auditing
4–7
Reserved for IBM's use
AUDITQF 019 00 00 00000001 FF Bin Audit FAILURES qualifier. (Audit options specified by a user with the AUDITOR or group-AUDITOR attribute.)
Bit
Meaning when set
0
Audit all accesses
1
Audit successful accesses
2
Audit accesses that fail
3
No auditing
4–7
Reserved for IBM's use
GAUDITQS 020 00 00 00000001 FF Bin Global audit SUCCESS qualifier. (Audit options specified by a user with the AUDITOR or group-AUDITOR attribute.)
Bit
Meaning when set
0
Audit all accesses
1
Audit successful accesses
2
Audit accesses that fail
3
No auditing
4–7
Reserved for IBM's use
WARNING 022 20 00 00000001 00 Bin Identifies the data set as having (bit 7 is on) or not having the WARNING attribute.
RESFLG 023 20 00 00000001 00 Bin Resource profile flags:
Bit
Meaning when set
0
TAPEVOL can only contain one data set.
1
TAPEVOL profile is automatic.
2
Maintain TVTOC for TAPEVOL.
3–7
Reserved for IBM's use
TVTOCCNT 024 10 00 00000004 00 Int The number of TVTOC entries.
TVTOCSEQ 025 80 00 00000002 00 Int The file sequence number of tape data set.
TVTOCCRD 026 80 20 00000003 00 Date The date the data set was created.
TVTOCIND 027 A0 00 00000001 00 Bin Data set profiles flag (RACF indicator bit):
Bit
Meaning when set
1
Discrete data set profile exists
2–7
Reserved for IBM's use
TVTOCDSN 028 80 00 00000000 00 Char The RACF internal name.
TVTOCVOL 029 80 00 00000000 00 Char This field is a list of the volumes on which the tape data set resides.
TVTOCRDS 030 80 00 00000000 00 Char The name used when creating the tape data set; maximum length = 255.
NOTIFY 031 00 00 00000000 00 Char The user to be notified when access violations occur against resource protected by this profile.
LOGDAYS 032 20 00 00000001 00 Bin The days of the week the TERMINAL cannot be used. (Bit 0 equals Sunday, bit 1 equals Monday, and so on).
LOGTIME 033 00 00 00000000 00 Time The time of the day the TERMINAL can be used.
LOGZONE 034 00 00 00000000 00 Bin The time zone in which the terminal is located.
NUMCTGY 035 10 00 00000004 00 Int Number of categories.
CATEGORY 036 80 00 00000002 00 Int List of categories.
SECLEVEL 037 00 00 00000001 FF Int Resource security level.
FLDCNT 038 10 00 00000004 00 Int Reserved for IBM's use.
FLDNAME 039 80 00 00000008 00   Reserved for IBM's use.
FLDVALUE 040 80 00 00000000 00   Reserved for IBM's use.
FLDFLAG 041 A0 00 00000001 00   Reserved for IBM's use.
APPLDATA 042 00 00 00000000 00 Char Application data.
MEMCNT 043 10 80 00000004 00 Int The number of members.
MEMLST 044 80 80 00000000 00 Bin The resource group member. For SECLABEL class, a 4-byte SMF ID.
VOLCNT 045 10 00 00000004 00 Int Number of volumes in tape volume set.
VOLSER 046 80 00 00000006 00 Char Volume serials of volumes in tape volume set.
ACLCNT 047 10 80 00000004 00 Int The number of users and groups currently authorized to access the resource.
USERID 048 80 80 00000008 00 Char The user ID or group name of each user or group authorized to access the resource.
USERACS 049 A0 80 00000001 00 Bin The access authority that each user or group has for the resource.
Bit
Meaning when set
0
ALTER access
1
CONTROL access
2
UPDATE access
3
READ access
4
EXECUTE access
5–6
Reserved for IBM's use
7
NONE access
Note: Each of the above access authority fields has mutually exclusive bits except for EXECUTE and NONE.
ACSCNT 050 80 00 00000002 00 Int The number of times the resource was accessed by each user or group.

USRCNT
USRNM
USRDATA
USRFLG

051
052
053
054

10
80
80
A0

00
00
00
00

00000004
00000008
00000000
00000001

00
00
00
00

Int

Reserved for installation use.
Reserved for installation use.
Reserved for installation use.
Reserved for installation use.
SECLABEL 055 00 00 00000008 00 Char Security label.
ACL2CNT 056 10 00 00000004 00 Int Number of entries in conditional access list.
ACL2NAME 057 80 00 00000008 00 Bin 1 indicator byte; 7 bytes reserved for IBM's use.
ACL2UID 058 80 00 00000008 00 Char User ID or group.
ACL2ACC 059 80 00 00000001 00 Bin Access authority.
ACL2ACNT 060 80 00 00000002 00 Int Access count.
ACL2RSVD 061 80 00 00000000 00 Bin Conditional data. Reserved for IBM's use.
RACLHDR 062 00 00 00000020 00 Bin RACGLIST header.
RACLDSP 063 00 00 00000000 00 Bin RACGLIST dataspace information.
FILTERCT 064 10 00 00000004 00   Number of names that Hash to this DIGTNMAP Profile.
FLTRLABL 065 80 00 00000000 00   Label associated with this DIGTNMAP Mapping (matches NMAPLABL for user named by FLTRUSER or user irrmulti.)
FLTRSTAT 066 A0 00 00000001 00   Trust status – bit 0 on for trusted.
FLTRUSER 067 80 00 00000000 00   User ID or criteria profile name.
FLTRNAME 068 80 00 00000000 00   Unhashed issuer's name filter used to create this profile name, (max of 255), followed by a separator, (X'4A'), and the unhashed subject's name filter used to create this profile name (max of 255).
FLTRSVD1 069 80 00 00000000 00   Reserved for IBM's use.
FLTRSVD2 070 80 00 00000000 00   Reserved for IBM's use.
FLTRSVD3 071 80 00 00000000 00   Reserved for IBM's use.
FLTRSVD4 072 80 00 00000000 00   Reserved for IBM's use.
FLTRSVD5 073 80 00 00000000 00   Reserved for IBM's use.
RACDHDR 074 00 08 00000000 00 Bin CACHECLS header.
DIDCT 075 10 00 00000004 00   Number of names that correspond to this IDIDMAP Profile.
DIDLABL 076 80 00 00000000 00   Label associated with this IDIDMAP class profile mapping (matches DMAPLABL for user named by DIDUSER).
DIDUSER 077 80 00 00000008 00   User ID.
DIDRNAME 078 80 00 00000000 00   Registry name (max of 255).
DIDRSVD1 079 80 00 00000000 00   Reserved for IBM's use.
DIDRSVD2 080 80 00 00000000 00   Reserved for IBM's use.
Field name Field ID Flag 1 Flag 2 Combination field IDs Type  
The following is the COMBINATION segment of the GENERAL template.
CREADATE 000 40 00 005 000 000 000 000   Combination.
AUTHDATE 000 40 00 005 000 000 000 000   Fields.
AUTHOR 000 40 00 006 000 000 000 000    
TVTOC 000 48 00 025 026 027 028 029    
  000 40 00 030 000 000 000 000    
LOGINFO 000 40 00 032 033 034 000 000    
FIELD 000 40 00 039 040 041 000 000    
ACL 000 40 00 048 049 050 000 000    
ACL1 000 40 00 048 049 000 000 000    
USERDATA 000 40 00 052 053 054 000 000    
ACL2 000 40 00 057 058 059 060 061   Conditional access list
ACL2A3 000 40 00 057 058 059 060 000   Conditional access list
FLTRLST1 000 40 00 065 066 067 068 000   Combo field for FILTER
FLTRLST2 000 40 00 065 067 068 000 000   Combo field for FILTER
CERTRING 000 40 00 010 011 009 000 000   Digital certificate data.
CERTRNG2 000 40 00 009 011 000 000 000    
CERTRNG3 000 40 00 009 012 013 000 000    
DIDLIST1 000 40 00 076 077 078 000 000   Combination for distributed identity.
Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the SESSION segment of the GENERAL template.
SESSION 001 00 00 00000000 00   Start of segment fields
SESSKEY 002 00 00 00000000 00 Bin Session key; maximum length = 8
SLSFLAGS 003 20 00 00000001 00 Bin Session flag byte
Bit
Meaning when set
0
SLSLOCK-This profile is locked out
1–7
Reserved for IBM's use
KEYDATE 004 00 00 00000004 00 Date Last date session key was changed. It is in the format 0cyyddF where c=0 for 1900–1999 and c=1 for 2000–2099. For more information on this MVS-returned format, see z/OS MVS Programming: Assembler Services Guide.
KEYINTVL 005 00 00 00000002 00 Int Number of days before session key expires
SLSFAIL 006 00 00 00000002 00 Int Current number of invalid attempts
MAXFAIL 007 00 00 00000002 00 Int Number of invalid attempts before lockout
SENTCNT 008 10 00 00000004 00 Int Number of session entities in list
SENTITY 009 80 00 00000035 00 Char Entity name
SENTFLCT 010 80 00 00000002 00 Int Number of failed attempts for this entity
CONVSEC 011 20 00 00000001 00 Bin Conversation security.
Value
Meaning
X'40'
Conversation security
X'50'
Persistent verification
X'60'
User ID and password already verified
X'70'
User ID and password already verified plus persistent verification
X'80'
Security none
The following is the DLFDATA segment of the GENERAL template.
DLFDATA 001 00 00 00000000 00   Start of segment fields
RETAIN 002 20 00 00000001 00 Bin Retain flag byte
JOBNMCNT 003 10 00 00000004 00 Int Count of jobnames
JOBNAMES 004 80 00 00000000 00 Char Jobnames; maximum length = 8
The following is the SSIGNON segment of the GENERAL template.
SSIGNON 001 00 00 00000000 00   Start of segment fields
SSKEY 002 00 00 00000000 00 Bin Secured signon key
The following is the STDATA segment of the GENERAL template.
STDATA 001 00 00 00000000 00   Start of segment fields
STUSER 002 00 00 00000008 40 Char User ID or =MEMBER
STGROUP 003 00 00 00000008 40 Char Group name or =MEMBER
FLAGTRUS 004 20 00 00000001 00 Bin Trusted flag, X'80' = trusted
FLAGPRIV 005 20 00 00000001 00 Bin Privileged flag, X'80' = privileged
FLAGTRAC 006 20 00 00000001 00 Bin Trace usage flag X'80' = issue IRR8I2I
The following is the SVFMR segment of the GENERAL template.
SVFMR 001 00 00 00000000 00   Start of segment fields
SCRIPTN 002 00 00 00000008 00 Char Script name
PARMN 003 00 00 00000008 00 Char Parameter name
The following is the CERTDATA segment of the GENERAL template.
CERTDATA 001 00 00 00000000 00   Start of segment fields
CERT 002 00 00 00000000 00 Bin Digital certificate
CERTPRVK 003 00 00 00000000 00 Bin Private key or key label
RINGCT 004 10 00 00000004 00 Int Number of key rings associated with this certificate
RINGNAME 005 80 00 00000000 00 Char Profile name of a ring with which this certificate is associated
CERTSTRT 006 00 00 00000000 00   Date and time from which the certificate is valid. If the year is 2041 or earlier, this is an 8-byte TOD format field. If the year is later than 2041, this is the first 8 bytes of an ETOD format field. If the first byte is greater than X'38', the date is in TOD format; otherwise it is in ETOD format.
CERTEND 007 00 00 00000000 00   Date and time after which the certificate is not valid. If the year is 2041 or earlier, this is an 8-byte TOD format field. If the year is later than 2041, this is the first 8 bytes of an ETOD format field. If the first byte is greater than X'38', the date is in TOD format; otherwise it is in ETOD format.
CERTCT 008 10 00 00000004 00 Int The number of certificates associated with this key ring. CERTCT is a repeat group that identifies the certificates associated with a key ring. CERTCT is used only with DIGTRING profiles.
CERTNAME 009 80 00 00000000 00 Char The profile name of the certificate
CERTUSAG 010 80 00 00000004 00 Bin Certificate usage in ring:
  • X'00000000' – PERSONAL
  • X'00000001' – SITE
  • X'00000002' – CERTAUTH
CERTDFLT 011 80 00 00000001 00 Bin Verifies if it is the default certificate:
  • X'00' – Not the default
  • X'80' – The default
CERTSJDN 012 80 00 00000000 00 Bin The subject name of the entity to whom the certificate is issued. This field is a BER-encoded format of the subject's distinguished name as contained in the certificate
CERTLABL 013 80 00 00000000 00 Char Label associated with the certificate
CERTRSV1 014 80 00 00000000 00   Reserved for IBM's use.
CERTRSV2 015 80 00 00000000 00   Reserved for IBM's use.
CERTRSV3 016 80 00 00000000 00   Reserved for IBM's use.
CERTRSV4 017 80 00 00000000 00   Reserved for IBM's use.
CERTRSV5 018 80 00 00000000 00   Reserved for IBM's use.
CERTRSV6 019 80 00 00000000 00   Reserved for IBM's use.
CERTRSV7 020 80 00 00000000 00   Reserved for IBM's use.
CERTRSV8 021 80 00 00000000 00   Reserved for IBM's use.
CERTRSV9 022 80 00 00000000 00   Reserved for IBM's use.
CERTRSVA 023 80 00 00000000 00   Reserved for IBM's use.
CERTRSVB 024 80 00 00000000 00   Reserved for IBM's use.
CERTRSVC 025 80 00 00000000 00   Reserved for IBM's use.
CERTRSVD 026 80 00 00000000 00   Reserved for IBM's use.
CERTRSVE 027 80 00 00000000 00   Reserved for IBM's use.
CERTRSVF 028 80 00 00000000 00   Reserved for IBM's use.
CERTRSVG 029 80 00 00000000 00   Reserved for IBM's use.
CERTRSVH 030 80 00 00000000 00   Reserved for IBM's use.
CERTRSVI 031 80 00 00000000 00   Reserved for IBM's use.
CERTRSVJ 032 80 00 00000000 00   Reserved for IBM's use.
CERTRSVK 033 80 00 00000000 00   Reserved for IBM's use.
CERTPRVT 034 00 00 00000004 00 Bin Associated key type:
  • X'00000000' – No associated key
  • X'00000001' – PKCS DER-encoded
  • X'00000002' – ICSF token label
  • X'00000003' – PCICC label
  • X'00000004' – DSA
  • X'00000005' – ICSF public token label
  • X'00000006' – Reserved for IBM's use
  • X'00000007' – NIST ECC key
  • X'00000008' – Brainpool ECC key
  • X'00000009' – NIST ECC token label in PKDS
  • X'0000000A' – Brainpool ECC token label in PKDS
  • X'0000000B' – RSA token label in TKDS
  • X'0000000C' – NIST ECC token label in TKDS
  • X'0000000D' – Brainpool ECC token label in TKDS
CERTPRVS 035 00 00 00000004 00 Int Private key size in bits
CERTLSER 036 00 00 00000008 00 Bin The low order 8 bytes of the last certificate that was signed with this key. This field is used with DIGTCERT profiles only
RINGSEQN 037 00 00 00000004 00 Int Ring change count
The following is the TME segment of the GENERAL template.
TME 001 00 00 00000000 00   Start of segment fields
PARENT 002 00 00 00000000 00 Char Parent name
CHILDN 003 10 00 00000004 00 Int Count of children
CHILDREN 004 80 00 00000000 00 Char Child names
RESN 005 10 00 00000004 00 Int Count of resource-access specifications
RESOURCE 006 80 00 00000000 00   Resource-access specifications
GROUPN 007 10 00 00000004 00 Int Count of groups
GROUPS 008 80 00 00000008 00   Group names
ROLEN 009 10 00 00000004 00 Int Count of role-access specifications
ROLES 010 80 00 00000000 00 Char Role-access specifications
The following is the KERB segment of the GENERAL template.
KERB 001 00 00 00000000 00   Start of segment fields
KERBNAME 002 00 00 00000000 00 Char Kerberos realm name
MINTKTLF 003 00 00 00000000 00 Char Minimum ticket life
MAXTKTLF 004 00 00 00000000 00 Char Maximum ticket life
DEFTKTLF 005 00 00 00000000 00 Char Default ticket life
SALT 006 00 00 00000000 00 Char Current key salt
ENCTYPE 007 00 00 00000000 00 Char Encryption type
CURKEYV 008 00 00 00000000 00 Char Current key version
CURKEY 009 00 00 00000000 00 Char Current DES key
PREVKEYV 010 00 00 00000000 00 Char Previous key version
PREVKEY 011 00 00 00000000 00 Char Previous DES key
ENCRYPT 012 00 00 00000004 55 Char Encryption type
CHKADDRS 013 00 00 00000001 00 Char Check addresses flag
The following is the PROXY segment of the GENERAL template.
PROXY 001 00 00 00000000 00   Start of segment fields
LDAPHOST 002 00 00 00000000 00 Char LDAP server URL; maximum length: 1023
BINDDN 003 00 00 00000000 00 Char Bind distinguished name; maximum length: 1023
BINDPW 004 00 08 00000000 00 Char Bind password; maximum length: 128
BINDPWKY 005 00 08 00000071 00 Char Bind password mask or encrypt key
The following is the EIM segment of the GENERAL template.
EIM 001 00 00 00000000 00   Start of segment fields
DOMAINDN 002 00 00 00000000 00 Char EIM Domain Distinguished Names
OPTIONS 003 00 00 00000004 55 Char EIM Options
LOCALREG 004 00 00 00000000 00 Char Local Registry Name
KERBREG 005 00 00 00000000 00 Char Kerberos Registry Name
X509REG 006 00 00 00000000 00 Char X509 Registry Name
The following is the ALIAS segment of the GENERAL template.
ALIAS 001 00 00 00000000 00   Start of segment fields
IPLOOK 002 00 10 00000016 00 Bin IP lookup value
The following is the CDTINFO segment of the GENERAL template.
CDTINFO 001 00 00 0 0   Start of segment fields
CDTPOSIT 002 00 00 4 FF Int POSIT number for class
CDTMAXLN 003 00 00 1 8 Int Maximum length of profile names
CDTMAXLX 004 00 00 4 FF Int Maximum resource or profile name length when using ENTITYX
CDTDFTRC 005 00 00 1 4 Int Default return code
CDTKEYQL 006 00 00 4 0 Int Number of key qualifiers
CDTGROUP 007 00 00 8 0 Char Resource grouping class name
CDTMEMBR 008 00 00 8 0 Char Member class name
CDTFIRST 009 00 00 1 X'C0' Bin Character restriction for first character of profile name
Value
Meaning
X'80'
Alphabetic
X'40'
National
X'20'
Numeric
X'10'
Special
CDTOTHER 010 00 00 1 X'C0' Bin Character restriction for characters of the profile name other than the first character
Value
Meaning
X'80'
Alphabetic
X'40'
National
X'20'
Numeric
X'10'
Special
CDTOPER 011 00 00 1 X'00' Bin Operations attribute considered
Value
Meaning
X'80'
RACF considers OPERATIONS attribute
CDTUACC 012 00 00 1 X'01' Bin Default UACC
Value
Meaning
X'80'
ALTER
X'40'
CONTROL
X'20'
UPDATE
X'10'
READ
X'08'
EXECUTE
X'04'
UACC from ACEE
X'01'
NONE
CDTRACL 013 00 00 1 X'00' Bin SETROPTS RACLIST
Value
Meaning
X'00'
RACLIST disallowed
X'80'
RACLIST allowed
X'40'
RACLIST required
CDTGENL 014 00 00 1 X'00' Bin SETROPTS GENLIST
Value
Meaning
X'80'
GENLIST allowed
CDTPRFAL 015 00 00 1 X'80' Bin Profiles allowed
Value
Meaning
X'80'
Profiles are allowed
CDTSLREQ 016 00 00 1 X'00' Bin Security labels required
Value
Meaning
X'80'
Security labels are required
CDTMAC 017 00 00 1 X'80' Bin Mandatory access checking (MAC) processing
Value
Meaning
X'80'
Normal mandatory access checks
X'40'
Reverse mandatory access checks
X'20'
Equal mandatory access checks
CDTSIGL 018 00 00 1 X'00' Bin ENF Signal
Value
Meaning
X'80'
ENF signal to be sent
CDTCASE 019 00 00 1 X'00' Bin Case of profile names
Value
Meaning
X'00'
Uppercase
X'80'
ASIS - preserve case
CDTGEN 020 00 00 1 X'80' Bin SETROPTS GENERIC
Value
Meaning
X'80'
GENERIC allowed
The following is the ICTX segment of the GENERAL template.
ICTX 001 00 00 00000000 00   Start of segment fields
USEMAP 002 00 00 00000001 80 Bin Application supplied mapping
Value
Meaning
X'80'
Use the mapping
DOMAP 003 00 00 00000001 00 Bin Identity cache mapping
Value
Meaning
X'80'
Do the mapping
MAPREQ 004 00 00 00000001 00 Bin
Value
Meaning
X'80'
Mapping is required
MAPTIMEO 005 00 00 00000002 00 Int Mapping timeout adjustment
The following is the CFDEF segment of the GENERAL template.
CFDEF 001 00 00 0 0   Start of segment fields for defining custom field attributes
CFDTYPE 002 00 00 1 01 Bin Data type for custom field:
  • 01 - character
  • 02 - numeric
  • 03 - flag
  • 04 - hex
CFMXLEN 003 00 00 4 FF Int Maximum field length
CFMXVAL 004 00 00 4 FF Int Maximum numeric value
CFMNVAL 005 00 00 4 FF Int Minimum numeric value
CFFIRST 006 00 00 1 00 Bin First character restrictions:
  • 01 - alpha
  • 02 - alphanum
  • 03 - any
  • 04 - nonatabc
  • 05 - nonatnum
  • 06 - numeric
CFOTHER 007 00 00 1 00 Bin Other character restrictions:
  • 01 - alpha
  • 02 - alphanum
  • 03 - any
  • 04 - nonatabc
  • 05 - nonatnum
  • 06 - numeric
CFMIXED 008 20 00 1 00 Bin If bit 0 is on, mixed case is allowed
CFHELP 009 00 00 00 00 Char Help text; maximum length = 255
CFLIST 010 00 00 00 00 Char List heading text; maximum length = 40
The following is the SIGVER segment of the GENERAL template.
SIGVER 001 00 00 0 0   Start of segment fields
SIGREQD 002 00 00 1 0 Bin Module must have a signature:
Value
Meaning
X'80'
Yes
X'00'
No
FAILLOAD 003 00 00 1 0 Bin Loader failure conditions:
Value
Meaning
X'80'
Bad signature only
X'40'
Any failing signature condition
X'00'
Never
SIGAUDIT 004 00 00 1 0 Bin RACF audit conditions:
Value
Meaning
X'80'
Bad signature only
X'40'
Any failing signature condition
X'20'
Success
X'01'
All
X'00'
None
The following is the ICSF segment of the GENERAL template.
ICSF 01 00 00 00000000 00   Start of segment fields for defining ICSF attributes
CSFSEXP 02 00 00 00000001 00 Bin Symmetric key export option:
Value
Meaning
X'80'
BYLIST
X'40'
BYNONE
X'00'
BYANY
CSFSKLCT 03 10 00 00000004 00 Int Count of PKDS labels
CSFSKLBS 04 80 00 00000000 00 Char PKDS labels that might be used to export this symmetric key
CSFSCLCT 05 10 00 00000004 0 Int Count of certificate labels
CSFSCLBS 06 80 00 00000000 00 Char Certificate labels that might be used to export this symmetric key
CSFAUSE 07 00 00 00000004 55 Bin Asymmetric key usage. In byte 3:
Value
Meaning
X'08'
NOSECUREEXPORT
X'04'
SECUREEXPORT
X'02'
NOHANDSHAKE
X'01'
HANDSHAKE
CSFSCPW 08 00 00 00000001 00 Bin Symmetric key CPACF wrap
Value
Meaning
X'80'
YES
X'00'
NO
Parent topic: Format of field definitions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014