Gadi, Binyamin, Rob, Ed, Phil, Hayim and Peter!
Thank you all for good information and a GREAT discussion!
Like some of you, I also am very sensitive to the customer's burden,
so while creating a "$XDC" class perhaps might be "easy", to
paraphrase Peter, why would I make a customer do that when I don't have to...
So thank you to those who tipped me off about the XFACILIT. It sounds
perfect for my needs.
Dave
I've got a problem. Decades ago, I made some assumptions about
RACF's FACILITY class that have turned out to be wrong.
Currently, I'm working on implementing a new security rule for
z/XDC, and the individual rules ("entities") can be up to 59 characters long.
Decades ago, when I was porting z/XDC's security rules from ACF2 to
RACF, I made the decision to piggy-back my security rules into
RACF's FACILITY class. I didn't know much about RACF then (and I
still don't), and it did not occur to me that rule length would be
an issue. I was wrong. It is an issue.
Yesterday, I was testing with an instance of the new rule that was
44 characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call
failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This
basically means that the entity I passed (my 44-character rule) was
too long for its class (FACILITY).
Ouch!
So now I have several questions that I'm hoping someone here can
provide answers to.
What is the longest entity the FACILITY class will accept?
Where do I find that specific fact doc'd?
Is there a command that will display that information?
Is there a catch-all class that z/XDC can use for its rules other
than FACILITY?
Where do other vendors put their rules?
Asking for a friend [:-J]
Dave Cole
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
