The properties for the supplied classes in RACF can be found here:
https://www.ibm.com/docs/en/zos/2.3.0?topic=reference-supplied-class-descriptor-table-entries

You can easily add new classes by adding a profile in the CDT class.

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of David Cole
Sent: Sunday, November 12, 2023 12:40
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: RACF, the FACILITY class, and z/XDC

I've got a problem.

Decades ago, I made some assumptions about RACF's FACILITY class that have turned out to be wrong.

Currently, I'm working on implementing a new security rule for z/XDC, and the individual rules ("entities") can be up to 59 characters long.

Decades ago, when I was porting z/XDC's security rules from ACF2 to RACF, I made the decision to piggy-back my security rules into RACF's FACILITY class. I didn't know much about RACF then (and I still don't), and it did not occur to me that rule length would be an issue.

I was wrong. It is an issue.

Yesterday, I was testing with an instance of the new rule that was 44 characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This basically means that the entity I passed (my 44-character rule) was too long for its class (FACILITY).

Ouch!

So now I have several questions that I'm hoping someone here can provide answers to.

* What is the longest entity the FACILITY class will accept?
* Where do I find that specific fact doc'd?
* Is there a command that will display that information?
* Is there a catch-all class that z/XDC can use for its rules other than FACILITY?
* Where do other vendors put their rules?

Asking for a friend [:-J]

Dave Cole

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN