z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


User template for the RACF database

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

The user template describes the fields of the user profiles in a RACF® database.

NOT programming interface information
       

CATEGORY
CONGRPCT
CONGRPNM
CURKEY
CURKEYV
ENCTYPE

FIELD
FLDCNT
FLDFLAG
FLDNAME
FLDVALUE
MAGSTRIP
NUMCTGY

OLDPHR
OLDPHRES
OLDPHRNM
OLDPWD
OLDPWDNM
PHRGEN
PHRCNT

PPHENV
PREVKEY
PREVKEYV
PWDCNT
PWDENV
PWDGEN
SALT
End of NOT programming interface information End of NOT programming interface information
End of NOT programming interface information
Note: Application developers should not depend on being able to use RACROUTE REQUEST=EXTRACT for the BASE segment fields on any security product other than RACF. These products are expected to support only such segments as DFP and TSO.

The contents of the user template (base segment) are as follows:

Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the BASE segment of the USER template.
USER 001 00 00 00000000 00    
ENTYPE 002 00 00 00000001 02 Int The number (2) corresponding to user profiles.
VERSION 003 00 00 00000001 01 Int The version field from the profile. Always X'01'.
AUTHDATE 004 00 20 00000003 FF Date The date the user was defined to RACF.
AUTHOR 005 00 00 00000008 FF Char The owner (user ID or group name) of the user profile.
FLAG1 006 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the ADSP attribute.
FLAG2 007 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the SPECIAL attribute.
FLAG3 008 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the OPERATIONS attribute.
FLAG4 009 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the REVOKE attribute.
FLAG5 010 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the GRPACC attribute.
PASSINT 011 00 80 00000001 FF Int The interval in days (represented by a number between 1 and 254) that the user's password is in effect. If it is X'FF', the user's password never expires. See the description of the SETR PASSWORD(INTERVAL...)) processing instructions in z/OS Security Server RACF Command Language Reference for more details.
PASSWORD 012 04 80 00000008 FF Char The password associated with the user. For masking, the masked password is stored. For DES, the encrypted user ID is stored. If the installation provides its own password authentication, data returned by the ICHDEX01 exit is stored.
PASSDATE 013 00 20 00000003 FF Date The date the password was last changed.
PGMRNAME 014 00 00 00000020 FF Char The name of the user.
DFLTGRP 015 00 00 00000008 FF Char The default group associated with the user. A value of X'FF' indicates that no group was specified.
LJTIME 016 01 00 00000004 FF Time The last recorded time that the user entered the system by using RACROUTE REQUEST=VERIFY.
LJDATE 017 01 20 00000003 FF Date The last recorded date that the user entered the system by using RACROUTE REQUEST=VERIFY.
INSTDATA 018 00 80 00000000 00 Char Installation data.
UAUDIT 019 20 80 00000001 00 Bin Identifies whether all RACROUTE REQUEST=AUTH, RACROUTE REQUEST=DEFINE, (and, if the caller requests logging, RACROUTE REQUEST=FASTAUTH) macros issued for the user and all RACF commands (except SEARCH, LISTDSD, LISTGRP, LISTUSER, and RLIST) issued by the user is logged. If bit 0 is on, they are logged. If bit 0 is off, logging might still occur for other reasons, as identified in z/OS Security Server RACF Auditor's Guide.
FLAG6 020 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having the AUDITOR attribute.
FLAG7 021 20 80 00000001 00 Bin If bit 0 is on, and FLAG8 has bit 0 on, an operator identification card (OID card) is needed to enter the system.

If bit 1 is on, this is a protected user ID, which cannot enter the system by any means requiring a password or OID card.

If bit 2 is on, this user can enter the system with a password phrase.
FLAG8 022 20 80 00000001 00 Bin If bit 0 is on, an operator identification card (OID card) is required when logging on to the system.
MAGSTRIP 023 04 00 00000000 00 Bin The operator identification associated with the user from the masked or encrypted OID card data required to authenticate this user, as supplied by a supported 327x (such as 3270 and 3278) OID card reader.
PWDGEN 024 00 00 00000001 FF Int Current password generation number.
PWDCNT 025 10 00 00000004 00 Int Number of old passwords present.
OLDPWDNM 026 80 00 00000001 00 Int Generation number of previous password.
OLDPWD 027 84 00 00000008 FF Char Previous password. This is an encrypted password value.
REVOKECT 028 01 80 00000001 FF Int Count of unsuccessful password attempts.
Note: You can use ALTER when setting this field, but you cannot use ALTERI.
MODELNAM 029 00 80 00000000 00 Char Data set model profile name. The profile name begins with the second qualifier; the high-level qualifier is not stored.
SECLEVEL 030 00 80 00000001 FF Int The number that corresponds to the user's security level. For more information on security levels, see z/OS Security Server RACF Security Administrator's Guide.
NUMCTGY 031 10 80 00000004 00 Int Number of security categories.
CATEGORY 032 80 80 00000002 00 Int A number that corresponds to the security categories to which the user has access.
REVOKEDT 033 00 20 00000000 00 Date The date the user is revoked. This field either has length 0, or contains a 3-byte revoke date.
RESUMEDT 034 00 20 00000000 00 Date The date the user is resumed. This field either has length 0, or contains a 3-byte resume date.
LOGDAYS 035 20 00 00000001 00 Bin The days of the week the user cannot log on (Bit 0 of this field equals Sunday, bit 1 equals Monday, and so on).
LOGTIME 036 00 80 00000000 00 Time The time of the day the user can log on. If present (length of variable field not equal to 0), it is specified as 6 bytes formatted as two 3-byte packed decimal fields, 0ssssC0eeeeC, where ssss represents the start time (hhmm) from the ALU...WHEN(TIMES(...)) specification and eeee represents the end time. For hhmm, hh represents hours, and mm represents minutes.
FLDCNT 037 10 00 00000004 00   Reserved for IBM's use.
FLDNAME 038 80 00 00000008 00   Reserved for IBM's use.
FLDVALUE 039 80 00 00000000 00   Reserved for IBM's use.
FLDFLAG 040 A0 00 00000001 00   Reserved for IBM's use.
CLCNT 041 10 80 00000004 00 Int The number of classes in which the user is allowed to define profiles.
CLNAME 042 80 80 00000008 00 Char A class in which the user is allowed to define profiles. (The user has the CLAUTH attribute.) The user can also define profiles in any other classes with POSIT values matching these classes.
CONGRPCT 043 10 80 00000004 00 Int The number of groups that the user is connected to.
CONGRPNM 044 80 80 00000008 00 Char A group that the user is connected to.

USRCNT
USRNM
USRDATA
USRFLG

045
046
047
048

10
80
80
A0

00
80
80
80

00000004
00000008
00000000
00000001

00
00
00
00

Int

 Reserved for installation use. Note: Intended usage: For installation to store additional data in this profile. USRNM should have a field name to use as a key to identify each unique occurrence of a row in the repeat group. USRDATA and USRFLG hold the data associated with that name. For more information, see "Example 5: Updating the installation fields", in Appendix A of z/OS Security Server RACF Macros and Interfaces.
SECLABEL 049 00 80 00000008 00 Char Security label.
CGGRPCT 050 10 80 00000004 00 Int Number of Connect Group entries. Information from the following CGxxx fields is also available through the logical connect profiles (ICHEINTY with CLASS=CONNECT) in the database. See Connect template for the RACF database for more details.
CGGRPNM 051 82 80 00000008 00 Char Connect Group Entry Name.
CGAUTHDA 052 80 A0 00000003 FF Date Date the user was connected.
CGAUTHOR 053 80 80 00000008 FF Char Owner of connect occurrence.
CGLJTIME 054 81 00 00000004 FF Time Time of RACROUTE REQUEST=VERIFY.
CGLJDATE 055 81 20 00000003 FF Date Date of RACROUTE REQUEST=VERIFY.
CGUACC 056 A0 80 00000001 00 Bin Default universal access.
CGINITCT 057 81 00 00000002 FF Int Number of RACROUTE REQUEST=VERIFY requests that were successfully processed where the value specified in the CGRPNM field was the current connect group.
CGFLAG1 058 A0 80 00000001 00 Bin If bit 0 is on, the user has the ADSP attribute in that group.
CGFLAG2 059 A0 80 00000001 00 Bin If bit 0 is on, the user has the SPECIAL attribute in that group.
CGFLAG3 060 A0 80 00000001 00 Bin If bit 0 is on, the user has the OPERATIONS attribute in that group.
CGFLAG4 061 A0 80 00000001 00 Bin If bit 0 is on, the user has the REVOKE attribute in that group.
CGFLAG5 062 A0 80 00000001 00 Bin If bit 0 is on, the user has the GRPACC attribute in that group.
CGNOTUAC 063 A0 80 00000001 00 Bin If bit 0 is on, the user must be specifically authorized (by the PERMIT command) to use a terminal. If off, RACF uses the terminal's UACC.
CGGRPAUD 064 A0 80 00000001 00 Bin If bit 0 is on, the user has the GROUP AUDITOR attribute in that group.
CGREVKDT 065 80 20 00000000 00 Date The date the user is revoked. This field either has length 0, or contains a 3-byte revoke date.
CGRESMDT 066 80 20 00000000 00 Date The date the user is resumed. This field either has length 0, or contains a 3-byte resume date.
TUCNT 067 10 00 00000002 00 Int Number of user ID associations.
TUKEY 068 80 00 00000016 00 Char Associated node and user ID.
Byte
Meaning when set
0–7
The associated node name.
8–15
The associated user ID.
TUDATA 069 80 00 00000000     Associated user ID association data
Byte
Meaning when set
0
Version number of the TUDATA entry.
  Bin
1
Bitstring
0
Specifies the user as having (bit is on) or not having (bit is off) a peer user ID association.
1
Specifies the user as being (bit is on) the manager of a managed user ID association.
2
Specifies the user as being (bit is on) managed by a managed user ID association.
3
An association request for this user is pending (bit is on) on a remote RRSF node.
4
An association request for this user is pending (bit is on) on the local RRSF node.
5
Specifies that password synchronization is in effect (bit is on) for this peer-user ID association.
6
Specifies that the association request for this user was rejected (bit is on).
7
Reserved for IBM's use.
   
2–20
Reserved for IBM's use.
  Date
2–24
The date the user ID association was defined. (yyyymmdd)
  Time
25–32
The time the user ID association was defined.

For the format of the time, see the TIME macro as documented in z/OS MVS Programming: Assembler Services Reference IAR-XCT.
  Char
32–36
The date the user ID association was approved or refused. (yyyymmdd)
  Int
37–44
The time the user ID association was approved or refused.

For the format of the time, see the TIME macro as documented in z/OS MVS Programming: Assembler Services Reference IAR-XCT.
   
45–56
Reserved for IBM's use.
  Char
57–64
The user ID that created the entry.
CERTCT 070 10 00 00000004 00   Number of certificate names.
CERTNAME 071 80 00 00000000 00   Name of certificate. Names correspond to profiles in the DIGTCERT class for the user.
CERTLABL 072 80 00 00000000 00   Label associated with the certificate.
CERTSJDN 073 80 00 00000000 00   Subject's distinguished name.
CERTPUBK 074 80 00 00000000 00   Public key associated with the certificate.
CERTRSV3 075 80 00 00000000 00   Reserved for IBM's use.
FLAG9 076 20 80 00000001 00   Restricted Access = BIT0.
NMAPCT 077 10 00 00000004 00   Number of DIGTNMAP Mapping Profiles that specify this user ID.
NMAPLABL 078 80 00 00000000 00   Label associated with this mapping.
NMAPNAME 079 80 00 00000000 00   Name of mapping profile. The names correspond to profiles in the DIGTNMAP class.
NMAPRSV1 080 80 00 00000000 00   Reserved for IBM's use.
NMAPRSV2 081 80 00 00000000 00   Reserved for IBM's use.
NMAPRSV3 082 80 00 00000000 00   Reserved for IBM's use.
NMAPRSV4 083 80 00 00000000 00   Reserved for IBM's use.
NMAPRSV5 084 80 00 00000000 00   Reserved for IBM's use.
PWDENV 085 00 08 00000000 00 Bin Internal form of the enveloped RACF password.
PASSASIS 086 20 80 00000001 00 Bin Identifies the user as having (bit 0 is on) or not having used a mixed case password.
PHRASE 087 04 80 00000000 FF BIN The password phrase associated with this user.
PHRDATE 088 00 20 00000003 FF BIN The date the password phrase was last changed.
PHRGEN 089 00 00 00000001 FF INT Current password phrase generation number.
PHRCNT 090 10 00 00000004 00 INT Number of old password phrases.
OLDPHRNM 091 80 00 00000001 00 INT Generation number of password phrase.
OLDPHR 092 84 00 00000008 FF BIN Previous password phrase, truncated to 8 bytes.
CERTSEQN 093 00 00 00000004 00 INT Sequence number that is incremented whenever a certificate for the user is added, deleted, or altered.
PPHENV 094 00 00 00000000 00 BIN Internal form of the enveloped RACF password phrase.
DMAPCT 095 10 00 00000004 00   Number of IDIDMAP Mapping Profiles that specify this user ID.
DMAPLABL 096 80 00 00000000 00   Label associated with this mapping.
DMAPNAME 097 80 00 00000000 00   Name of mapping profile. The names correspond to profiles in the IDIDMAP class.
DMAPRSV1 098 80 00 00000000 00   Reserved for IBM's use.
DMAPRSV2 099 80 00 00000000 00   Reserved for IBM's use.
Field name Field ID Flag 1 Flag 2 Combination field IDs Type  
The following are the COMBINATION fields of the USER template.
DEFDATE 000 40 00 004 000 000 000 000   Combination.
CREADATE 000 40 00 004 000 000 000 000   Fields.
OWNER 000 40 00 005 000 000 000 000    
PASSDATA 000 40 00 012 013 000 000 000    
NAME 000 40 00 014 000 000 000 000    
OLDPSWDS 000 40 00 026 027 000 000 000    
LOGINFO 000 40 00 035 036 000 000 000    
FIELD 000 40 00 038 039 040 000 000    
USERDATA 000 40 00 046 047 048 000 000    
CGDEFDAT 000 40 00 052 000 000 000 000    
CGCREADT 000 40 00 052 000 000 000 000    
CGOWNER 000 40 00 053 000 000 000 000    
TUENTRY 000 40 00 068 069 000 000 000    
CERTLIST 000 40 00 071 072 000 000 000    
CERTLST2 000 40 00 071 072 073 074 000    
CERTLST3 000 40 00 071 072 073 000 000    
CERTSIGL 000 40 00 071 073 074 000 000    
OLDPHRES 000 40 00 091 092 000 000 000    
DMAPLST1 000 40 00 096 097 000 000 000   Combination for distributed identity.
Template Field being described
Field name (character data) Field ID Flag 1 Flag 2 Field length decimal Default value Type  
The following is the DFP segment of the USER template.
DFP 001 00 00 00000000 00   Start of segment fields
DATAAPPL 002 00 00 00000000 00 Char Data Application; maximum length = 8
DATACLAS 003 00 00 00000000 00 Char Data Class; maximum length = 8
MGMTCLAS 004 00 00 00000000 00 Char Management Class; maximum length = 8
STORCLAS 005 00 00 00000000 00 Char Storage Class; maximum length = 8
The following is the TSO segment of the USER template.
TSO 001 00 00 00000000 00   Start of segment fields
TACCNT 002 00 00 00000000 00 Char Default account numbers; maximum length = 40
TCOMMAND 003 00 00 00000000 00 Char Default command at logon; maximum length = 80
TDEST 004 00 00 00000000 00 Char Destination identifier; maximum length = 8
THCLASS 005 00 00 00000000 00 Char Default hold class; maximum length = 1
TJCLASS 006 00 00 00000000 00 Char Default job class
TLPROC 007 00 00 00000000 00 Char Default logon procedure; maximum length = 8
TLSIZE 008 00 00 00000004 00 Int Logon size
TMCLASS 009 00 00 00000000 00 Char Default message class; maximum length = 1
TMSIZE 010 00 00 00000004 00 Int Maximum region size
TOPTION 011 20 00 00000001 00 Bin Default for mail notices and OIDcard
TPERFORM 012 00 00 00000004 00 Int Performance group; stored as a two-byte value
TRBA 013 00 00 00000003 00 Bin RBA of user's broadcast area
TSCLASS 014 00 00 00000000 00 Char Default sysout class
TUDATA 015 00 00 00000002 00 Bin 2 bytes of hex user data
TUNIT 016 00 00 00000000 00 Char Default unit name; maximum length = 8
TUPT 017 00 00 00000000 00 Bin Data from UPT control block
TSOSLABL 018 00 00 00000000 00 Char Default logon SECLABEL; maximum length = 8
TCONS 019 00 00 00000000 00 Char Consoles support
The following is the CICS® segment of the USER template.
CICS 001 00 00 00000000 00   Start of segment fields
OPIDENT 002 00 00 00000003 00 Char Operator identification; 1 to 3 bytes in length
OPCLASSN 003 10 00 00000004 00 Int Count of operator class values
OPCLASS 004 80 00 00000001 00 Int Operator class
OPPRTY 005 00 40 00000002 00 Int Operator priority
XRFSOFF 006 20 00 00000001 00 Bin XRF re-signon option:
  • Bit 0 on = FORCE
  • Bit 0 off = NOFORCE
TIMEOUT 007 00 40 00000002 00 Bin Terminal timeout value

Two 1-byte binary fields:

  • First byte = hours (0–99)
  • Second byte = minutes (0–59)
Special case: The following examples are handled the same way:
  • First byte = 0 hours
  • Second byte = 60 minutes
  • First byte = 1 hours
  • Second byte = 0 minutes
RSLKEYN 008 10 00 00000004 00 Int Count of resource security level (RSL) key values
RSLKEY 009 80 00 00000002 00 Int RSL key value
TSLKEYN 010 10 00 00000004 00 Int Count of transaction security level (TSL) key values
TSLKEY 011 80 00 00000002 00 Int TSL key value
The following is the LANGUAGE segment of the USER template.
LANGUAGE 001 00 00 00000000 00   Start of segment fields
USERNL1 002 00 80 00000003 00 Char User's primary language; 3-character code returned by the MVS™ message service. For more information, see z/OS MVS Programming: Assembler Services Guide.
USERNL2 003 00 80 00000003 00 Char User's secondary language
The following is the OPERPARM segment of the USER template.
OPERPARM 001 00 00 00000000 00   Start of segment fields
OPERSTOR 002 00 00 00000002 00 Bin STORAGE keyword
OPERAUTH 003 00 00 00000002 00 Bin AUTH keyword:
  • X'8000' = MASTER
  • X'4000' = ALL
  • X'2000' = SYS
  • X'10000' = IO
  • X'0800' = CONS
  • X'0400' = INFO
OPERMFRM 004 00 00 00000002 00 Bin MFORM keyword:
  • Bit 0 indicates T
  • Bit 1 indicates S
  • Bit 2 indicates J
  • Bit 3 indicates M
  • Bit 4 indicates X
OPERLEVL 005 00 00 00000002 00 Bin LEVEL keyword:
  • Bit 0 indicates R
  • Bit 1 indicates I
  • Bit 2 indicates CE
  • Bit 3 indicates E
  • Bit 4 indicates IN
  • Bit 5 indicates NB
  • Bit 6 indicates ALL

Bit 6 is mutually exclusive with all other bits except Bit 5.
OPERMON 006 00 00 00000002 00 Bin MONITOR keyword:
  • Bit 0 indicates JOBNAMES
  • Bit 1 indicates JOBNAMEST
  • Bit 2 indicates SESS
  • Bit 3 indicates SESST
  • Bit 4 indicates STATUS

Bits 0 and 1 are mutually exclusive, as are bits 2 and 3.
OPERROUT 007 00 00 00000000 00 Bin ROUTCODE keyword; 16-bit length bitstring in which each bit indicates a particular ROUTCODE.
OPERLOGC 008 00 00 00000001 00 Bin LOGCMDRESP keyword.
Value
Meaning when set
X'80'
Indicates SYSTEM was specified.
X'40'
Indicates NO was specified.
OPERMGID 009 00 00 00000001 00 Bin MIGID keyword.
Value
Meaning when set
X'80'
Indicates YES was specified.
X'40'
Indicates NO was specified.
OPERDOM 010 00 00 00000001 00 Bin DOM keyword.
Value
Meaning when set
X'80'
Indicates NORMAL was specified.
X'40'
Indicates ALL was specified.
X'20'
Indicates NONE was specified.
OPERKEY 011 00 00 00000000 00 Bin KEY keyword; maximum length = 8
OPERCMDS 012 00 00 00000000 00 Bin CMDSYS keyword; maximum length = 8 (or '*')
OPERUD 013 00 00 00000001 00 Bin UD keyword.
Value
Meaning when set
X'80'
Indicates YES was specified.
X'40'
Indicates NO was specified.
OPERMCNT 014 10 00 00000004 00 Bin Count of MSCOPE systems
OPERMSCP 015 80 00 00000008 00 Bin MSCOPE systems
OPERALTG 016 00 00 00000000 00 Bin ALTGRP keyword
Value
Meaning when set
X'80'
Indicates YES was specified.
X'40'
Indicates NO was specified.
OPERAUTO 017 00 00 00000001 00 Bin AUTO keyword; X'80' indicates YES; X'40' indicates NO.
OPERHC 018 00 00 00000001 00 BIN HC keyword; X'80' indicates YES; X'40' indicates NO.
OPERINT 019 00 00 00000001 00 BIN INTIDS keyword; X'80' indicates YES; X'40' indicates NO.
OPERUNKN 020 00 00 00000001 00 BIN UNKNIDS keyword; X'80' indicates YES; X'40' indicates NO.
The following is the WORK ATTRIBUTES segment of the USER template.
WORKATTR 001 00 80 00000000 00   Start of segment fields
WANAME 002 00 80 00000000 00 Char User name for SYSOUT; maximum length = 60
WABLDG 003 00 80 00000000 00 Char Building for delivery; maximum length = 60
WADEPT 004 00 80 00000000 00 Char Department for delivery; maximum length = 60
WAROOM 005 00 80 00000000 00 Char Room for delivery; maximum length = 60
WAADDR1 006 00 80 00000000 00 Char SYSOUT address line 1; maximum length = 60
WAADDR2 007 00 80 00000000 00 Char SYSOUT address line 2; maximum length = 60
WAADDR3 008 00 80 00000000 00 Char SYSOUT address line 3; maximum length = 60
WAADDR4 009 00 80 00000000 00 Char SYSOUT address line 4; maximum length = 60
WAACCNT 010 00 80 00000000 00 Char Account number; maximum length = 255
The following is the OMVS segment of the USER template.
OMVS 001 00 00 00000000 00   Start of segment fields
UID 002 00 10 00000004 FF Int UID
HOME 004 00 00 00000000 00 Char HOME Path; maximum length = 1023
PROGRAM 005 00 00 00000000 00 Char Initial Program; maximum length = 1023
CPUTIME 006 00 00 00000004 FF Int CPUTIMEMAX
ASSIZE 007 00 00 00000004 FF Int ASSIZEMAX
FILEPROC 008 00 00 00000004 FF Int FILEPROCMAX
PROCUSER 009 00 00 00000004 FF Int PROCUSERMAX
THREADS 010 00 00 00000004 FF Int THREADSMAX
MMAPAREA 011 00 00 00000004 FF Int MMAPAREAMAX
MEMLIMIT 012 00 00 00000000 0 Char MEMLIMIT; maximum length = 9
SHMEMMAX 013 00 00 00000000 0 Char SHMEMMAX; maximum length = 9
The following is the NETVIEW segment of the USER template.
NETVIEW 001 00 00 00000000 00   Start of segment fields
IC 002 00 00 00000000 00 Char The command or command list to be processed by NetView® for this operator when the operator logs on to Netview; maximum length = 255
CONSNAME 003 00 00 00000000 00 Char The default MCS console identifier; maximum length = 8
CTL 004 20 00 00000001 00 Bin CTL keyword – Specifies whether a security check is performed for this NetView operator when they try to use a span or try to do a cross-domain logon.
Value
Meaning when set
X'00'
Indicates CTL was not specified or CTL(SPECIFIC) was specified.
X'80'
Indicates CTL(GLOBAL) was specified.
X'40'
Indicates CTL(GENERAL) was specified.
MSGRECVR 005 20 00 00000001 00 Bin MSGRECVR keyword
Value
Meaning when set
X'00'
Indicates the operator can receive unsolicited messages that are not routed to a specific NetView operator.
X'80'
Indicates the operator cannot receive unsolicited messages that are not routed to a specific NetView operator.
OPCLASSN 006 10 00 00000004 00 Int Count of operator class values.
OPCLASS 007 80 40 00000002 00 Int Specifies a NetView scope class for which the operator has authority. This is a 2-byte repeating field. Each member can have fixed-binary values from 1 to 2040.
DOMAINSN 008 10 00 00000004 00 Int The number of domains the NetView operator controls.
DOMAINS 009 80 00 00000000 00 Char Specifies the identifier of NetView programs in another NetView domain for which this operator has authority. This is a variable length (5-character maximum) repeating field.
NGMFADMN 010 20 00 00000001 00 Bin NGMFADMN keyword
Value
Meaning when set
X'00'
The NetView operator does not have administrator authority to the NetView Graphic Monitor Facility (NGMF).
X'80'
The NetView operator has administrator authority to the NetView graphic monitor facility (NGMF).
NGMFVSPN 011 00 00 00000000 00   NetView Graphic Monitor Facility view span options; maximum length = 8
The following is the DCE segment of the USER template.
DCE 001 00 00 00000000 00   Start of segment fields
UUID 002 00 00 00000036 FF Char User's DCE principal's UUID; exactly 36 characters, in the format nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn where n is any hexadecimal digit.
DCENAME 003 00 00 00000000 00 Char User's DCE principal name; maximum length = 1023
HOMECELL 004 00 00 00000000 00 Char Home cell for this DCE user; maximum length = 1023, and it must start with either /.../ or /.:/
HOMEUUID 005 00 00 00000036 FF Char Home cell UUID; exactly 36 characters, in the format nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn where n is any hexadecimal digit.
DCEFLAGS 006 20 00 00000001 00 Bin User flags
DPASSWDS 007 00 00 00000000 00 Char Current DCE password
DCEENCRY 008 00 00 00000071 00 Bin PW mask/encrypt key
The following is the OVM segment of the USER template.
OVM 001 00 00 00000000 00   Start of segment fields
UID 002 00 00 00000004 FF Int OVM - UID
HOME 003 00 00 00000000 00 Char Home path; maximum length = 1023
PROGRAM 004 00 00 00000000 00 Char Initial program; maximum length = 1023
FSROOT 005 00 00 00000000 00 Char File system root; maximum length = 1023
The following is the LNOTES segment of the USER template.
LNOTES 001 00 00 00000000 00   Start of segment fields
SNAME 002 00 14 00000000 00 Char User's short name; maximum length = 64
The following is the NDS segment of the USER template.
NDS 001 00 00 00000000 00   Start of segment fields
UNAME 002 00 14 00000000 00 Char User's user name; maximum length = 246
The following is the KERB segment of the USER template.
KERB 001 00 00 00000000 00   Start of segment fields
KERBNAME 002 00 00 00000000 00 Char Kerberos principal name
MINTKTLF 003 00 00 00000000 00 Char Reserved for IBM's use.
MAXTKTLF 004 00 00 00000000 00 Char Maximum ticket life
DEFTKTLF 005 00 00 00000000 00 Char Reserved for IBM's use.
SALT 006 00 00 00000000 00 Char Current key salt
ENCTYPE 007 00 00 00000000 00 Char Encryption type
CURKEYV 008 00 00 00000000 00 Char Current key version
CURKEY 009 00 00 00000000 00 Char Current DES key
PREVKEYV 010 00 00 00000000 00 Char Previous key version
PREVKEY 011 00 00 00000000 00 Char Previous DES key
ENCRYPT 012 00 00 00000004 55 Bin Encryption type
KEYFROM 013 00 00 00000000 00 Char

Key source
0 = PASSWORD
1 = PHRASE
The following is the PROXY segment of the USER template.
PROXY 001 00 00 00000000 00   Start of segment fields
LDAPHOST 002 00 00 00000000 00 Char LDAP server URL; maximum length: 1023
BINDDN 003 00 00 00000000 00 Char Bind distinguished name; maximum length: 1023
BINDPW 004 00 08 00000000 00 Char Bind password; maximum length: 128
BINDPWKY 005 00 08 00000071 00 Char Bind password mask or encrypt key
The following is the EIM segment of the USER template.
EIM 001 00 00 00000000 00 Char Start of segment fields
LDAPPROF 002 00 00 00000000 00 Char LDAPBIND profile name
The following is the CSDATA segment of the USER template.
CSDATA 001 00 00 0 0   Start of segment fields for custom fields
Note: Intended usage for these fields is dictated by your installation. See z/OS Security Server RACF Security Administrator's Guide for more information on custom fields.
CSCNT 002 10 00 4 00 Integer Count of custom fields
CSTYPE 003 80 00 1 01 Bin Custom field type:
  • 01 - character
  • 02 - numeric
  • 03 - flag
  • 04 - hex
CSKEY 004 80 00 00 00 Char Custom field keyword; maximum length = 8
CSVALUE 005 80 00 0 00 Char Custom field value
Field name Field ID Flag 1 Flag 2 Combination field IDs Type  
The following is a COMBINATION field of the CSDATA segment of the USER template.
CSCDATA 000 40 00 003 004 005 000 000 Char Combination field for custom fields
Parent topic: Format of field definitions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014