Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Profiles z/OS Security Server RACF Diagnosis Guide GA32-0886-00 |
|||||
The profiles, or entity records, contain the actual descriptions of the attributes and authorities for every entity (users, groups, DASD data sets, and resource classes defined in the class descriptor table) defined to RACF®. The number in the entry-type field identifies the type of profile and corresponds to the number of the template that maps this type of profile. The record data (including the type of profile that it is) follows the header. This data consists of the fields that are mapped by a template. See the template description corresponding to each type of profile for the contents of these fields. The template descriptions are in z/OS Security Server RACF Macros and Interfaces. Because there can be duplicate entry names in different classes,
the RACF manager adds a class
identifier to the beginnings of general-resource
entry names (for example; DASDVOL -, TAPEVOL
-, or TERMINAL- for DASD volumes, tape volumes,
or terminals, respectively). General-resource class names that are
not eight characters in length are padded with trailing blanks.
Note: If
you define a profile and use generic characters such as (*) to add
members to the profile, RLIST RESGROUP does not return any of the
matching profiles in its output because it does not support generic
matches.
Generic profile names have the first period in a DATASET profile replaced by X'01', and the dash in the class identifier for general-resource classes replaced by X'02'. Although these expanded names are transparent to the user, they appear when using the block update utility command or the IRRUT200 utility. You also need to be aware of them when constructing a database range table. When a tape volume profile is initially created, RACF places the tape volume serial in the volume list of the profile. RACF creates an index entry and profile name in the standard way. If another tape volume is to be added (creating a volume set), RACF adds its volume serial to the volume list in the profile and creates an index entry for the volume that points to the profile. For example, if there are six tape volumes in a tape volume set, there are six index entries pointing to the same profile and six volume serials in the profile's volume list. When a tape volume is deleted, RACF removes the volume serial from the volume list in the profile and deletes the index entry. The profile name does not change, even if the volume after which the profile might have been named is deleted. It is possible to have a profile name of TAPEVOL -TAPE01 without having a corresponding index entry and without having TAPE01 in the volume serial list. The database profiles consist of segments that are made up of fields
and repeat groups that follow a record header. The record header,
the field structure, and the repeat group structure are described
in this document.
When displaying a profile with the BLKUPD command, you might want to have the RACF database templates available for reference. These can be found in z/OS Security Server RACF Macros and Interfaces. They include a list of the field IDs in numeric order. The field IDs are in decimal in z/OS Security Server RACF Macros and Interfaces but in hexadecimal when displayed by the BLKUPD command. |
Copyright IBM Corporation 1990, 2014
|