I've got a problem. Decades ago, I made some assumptions about RACF's
FACILITY class that have turned out to be wrong.
Currently, I'm working on implementing a new security rule for z/XDC,
and the individual rules ("entities") can be up to 59 characters long.
Decades ago, when I was porting z/XDC's security rules from ACF2 to
RACF, I made the decision to piggy-back my security rules into RACF's
FACILITY class. I didn't know much about RACF then (and I still
don't), and it did not occur to me that rule length would be an
issue. I was wrong. It is an issue.
Yesterday, I was testing with an instance of the new rule that was 44
characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call
failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This
basically means that the entity I passed (my 44-character rule) was
too long for its class (FACILITY).
Ouch!
So now I have several questions that I'm hoping someone here can
provide answers to.
* What is the longest entity the FACILITY class will accept?
* Where do I find that specific fact doc'd?
* Is there a command that will display that information?
* Is there a catch-all class that z/XDC can use for its rules
other than FACILITY?
* Where do other vendors put their rules?
Asking for a friend [:-J]
Dave Cole
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
