Trace Detail 1

Trace Detail 1
ctsfz
TSS-
x
-
rcdr
*
acid
init
fcmmrr
G/
swr1r2dhvh
,
pfdovoaa
L/
l1l2ee
F/
f1f2f3f4
,
c1c2c3
,
aabb
,
iijjkk
  • x
    Event Code:
    • A = Abend
    • C = RACROUTE REQUEST=AUTH
    • D = RACDEF access
    • E = termination
    • F = RACROUTE REQUEST=FASTAUTH
    • I = initiation/signon
    • L = RACLIST
    • O = RACROUTE REQUEST=AUDIT
    • P = Control option
    • T = TSS command/program
    • V = password verify (from JES)
    • X = RACXTRT
    • Y = VERIFYX call from JES
  • rc
    Security Interface Return Code (hex):
    • 00 = access allowed
    • 04 = resource not owned / ACID not defined / ACTION(PASSWORD) on data set PERMIT
    • 08 = access denied / signon password incorrect
    • 0C = password expired
    • 10 = new password invalid
    • 14 = signon failed
    • 18 = initiation failed by site security exit
    • 1C = initiation access failed (see DRC for explanation)
    • 20 = force TSO UADS password security
    • 28 = OID card required
    • 2C = OID card not valid
    • 30 = terminal access rejected
    • 34 = application access denied
    • 50 = surrogate check failed
    • 54 = JESJOBs not authorized
  • dr
    Detail Violation Reason Code (hex):
    Specific violation code that denied access or operation.
    *If present, indicates that the return code 'rc' was actually passed to the caller. If blank, then a real return code of 00 was returned. A real return of 00 indicates that the user is not in FAIL MODE.
  • acid
    The name of the ACID associated with this event.
  • init
    A batch jobname, STC procname, or online userid with this event.
  • f
    Facility Code-From the Facility Matrix entry for this facility. Identifies the facility:
    • T = TSO
    • C = CICSPROD
    • B = BATCH
    • I = IMSPROD
    • S = STC
    • K = CICSTEST
    • N = NCCF
    • R = ROSCOE
  • c
    Resource Class or Event:
    Identifies the type of resource being accessed, or the operation being attempted. For example: PROGRAM, CPU, TERMINAL, DATASET, ABSTRACT, VOLUME.
  • mm
    User or Facility Mode (bit mask):
    • 80 = DORMANT
    • 40 = WARN
    • 20 = FAIL
    • 30 = IMPL,
    • 01 = CA Top Secret HAS EXPIRED
  • rr
    RACF SVC Flags (bit mapped).
    Note:
    For an indication of which call type is applicable for the trace, review the TSS-
    x
    (Event Code) information in the trace. For example, the event code could indicate C=RACROUTE REQUEST=AUTH (RACHECK).
    RACINIT:
    • 00 = ENVIR = CREATE
    • 04 = STAT = NO
    • 08 = PASSCHK = NO
    • 40 = ENVIR = CHANGE
    • 80 = ENVIR = DELETE
    • C0 = ENVIR = VERIFY
    RACHECK:
    • 00 = RACFIND not specified
    • 01 = ENTITY=(,CSA)
    • 02 = LOG=NONE
    • 08 = 31-bit parameters
    • 10 = VSAM dataset
    • 80 = RACFIND=NO
    • C0 = RACFIND=YES
    RACDEF:
    • 00 = RACFIND not specified
    • 20 = CHKAUTH=YES
    • 80 = RACFIND=NO
    • C0 = RACFIND=YES
  • G/
    Algorithm Data
  • sw
    Algorithm Switch:
    • 00 = access allowed
    • 04 = authorization not found
    • 08 = access denied
    • 0C = volume access is create; force DSN checking
    • 10 = volume access is (none)
  • r1
    RELATIVE RULE that allowed or denied data set access (first rule is 01, second rule is 02, and so on.)
  • r2
    RELATIVE RULE that allowed or denied volume access
  • dh
    ALGORITHM HIGH LENGTH for data sets or resources
  • vh
    ALGORITHM HIGH LENGTH for volume access
  • pf
    RELATIVE SECURITY RECORD that allowed or denied access:
    • 00 = USER record
    • FF = ALL record
    • 01-FE = PROFILE 1-254
  • do
    DATA SET AUTHORIZATION ORIGIN: (see vo below)
  • vo
    VOLUME AUTHORIZATION ORIGIN:
    • 10 = owned (through TSS ADDTO)
    • 20 = authorized (through TSS PERMIT)
    • 80 = tape owned
  • aa
    ACTION from rule that authorized or allowed access (bit mask):
    • 00 = No
      aa
      values exist on the PERMIT
    • 02 = PASSWORD or NODSN or DENY
    • 08 = NOTIFY
    • 10 = EXIT
    • 20 = AUDIT
    • 80 = FAIL
  • L/
    LOGGING INDICATORS
  • l1
    • 01 = do not write to SMF
    • 02 = force message to user
    • 04 = send specific message by id
    • 08 = do not perform I/O
    • 10 = audited event
    • 20 = real return code passed
    • 40 = forced log-out
    • 80 = violation
  • l2
    FLAGS (bit mask):
    • 01 = delay after message
    • 02 = audit update/alteration
    • 04 = audit access if successful
    • 08 = audit access or LOG=NOFAIL
    • 10 = initiating control ACID
    • 20 = unused (reserved for future use)
    • 40 = do not update feedback area
    • 80 = LOG=NONE
  • ee
    EVENT CODE:
    • 01 = job initiation
    • 02 = resource check
    • 32 = TSS command
    • 33 = program change
    • 34 = change control option
    • 39 = Dynamic Update Facility update
    • 40 = operator accountability check
  • F/
    FLAG INDICATOR
  • f1
    • 01 = change propagation
    • 02 = rename
    • 04 = RACROUTE REQUEST=FASTAUTH logging
    • 08 = JES early verify
    • 10 = trace this call
    • 20 = always caller
    • 40 = tape data set request
    • 80 = VSAM data set access
  • f2
    • 01 = ACTION(EXIT)
    • 02 = no initiation resource checks
    • 04 = FETCH protection required
    • 08 = VTHRESH exceeded
    • 10 = this is a non-violation
    • 20 = mask search performed
    • 40 = resource is audited
    • 80 = ACTION(PASSWORD)
  • f3
    • 01 = environment data obtained
    • 02 = z/OS system
    • 04 = feedback area validated
    • 08 = do not perform logging
    • 10 = audit this event
    • 20 = simulator trace
    • 40 = TSSSIM simulation
    • 80 = AMODE(31) storage used
  • f4
    • 01 = PLIST is not RACF-compatible
    • 02 = this is TCBSENV
    • 04 = third party RACHECK
    • 08 = RACHECK invoked by FRACHECK
    • 10 = at least one TSO message issued
    • 20 = priv/exempt caller
    • 40 = initiator in control
    • 80 = JES2, JES3, or JES3
      plus™
      in control
  • c1
    • 01 = password change required
    • 02 = exit continues without checks
    • 04 = no password checking
    • 08 = user mode used
    • 10 = STCACT
    • 20 = VMRDR submission
    • 40 = password violation
    • 80 = security bypass /job
  • c2
    • 01 = abend recovery is enabled
    • 02 = address space termination
    • 04 = CHKAUTH=YES
    • 08 = ACEE= supplied with SVC
    • 10 = non 3270 device
    • 20 = GAR retry
    • 40 = undefined ACID
    • 80 = OID card prompt
  • c3
    UNDEFINED ACID RETRY SWITCH:
    • 01 = default ACID
    • 02 = exit called
  • aa
    PROCESS/ABEND STATE (bit mapped):
    • 01 = TSSERASE
    • 02 = TSSKGAR
    • 04 = logging interface
    • 20 = installation exit
    • 40 = invalid feedback area
    • 80 = invalid parameter
  • bb
    MODULE/ABEND STATE (bit mapped)
    • 01 = TSSKROUT
    • 02 = TSSKEXTR
    • 04 = TSSKCHG
    • 08 = TSSKIXI
    • 10 = TSS utility or command
    • 20 = TSSKSEC
    • 40 = TSSFRACK
    • 80 = TSSKID
  • ii
    INSTALLATION EXIT FLAG (bit mapped):
    • 01 = Unused (reserved for future use)
    • 02 = Unused (reserved for future use)
    • 04 = Unused (reserved for future use)
    • 08 = User in BYPASS mode
    • 10 = Unused (reserved for future use)
    • 20 = Exit requested ACID to be suspended
    • 40 = Exit requested auditing
    • 80 = Exit requested MODE change
  • jj
    Return code from installation exit
  • kk
    Function code for entry to installation exit