CA Top Secret Diagnostic Trace › Trace Detail 1

Trace Detail 1

TSS‑x‑rcdr*acid init fcmmrr G/swr1r2dhvh,pfdovoaa L/l1l2ee F/f1f2f3f4,
  c1c2c3,aabb,iijjkk

x

Event Code:

• A=Abend
• C=RACROUTE REQUEST=AUTH
• D=RACDEF access
• E=termination
• F=RACROUTE REQUEST=FASTAUTH
• I=initiation/signon
• L=RACLIST
• O=RACROUTE REQUEST=AUDIT
• P=Control option
• T=TSS command/program
• V=password verify (from JES)
• X=RACXTRT
• Y=VERIFYX call from JES

rc

Security Interface Return Code (hex):

• 00-access allowed
• 04-resource not owned / ACID not defined / ACTION(PASSWORD) on data set PERMIT
• 08-access denied / signon password incorrect
• 0C-password expired
• 10-new password invalid
• 14-signon failed
• 18-initiation failed by site security exit
• 1C-initiation access failed (see DRC for explanation)
• 20-force TSO UADS password security
• 28-OID card required
• 2C-OID card not valid
• 30-terminal access rejected
• 34-application access denied
• 50-surrogate check failed
• 54-JESJOBs not authorized

dr

Detail Violation Reason Code (hex):

Specific violation code that denied access or operation.

*If present, indicates that the return code 'rc' was actually passed to the caller. If blank, then a real return code of 00 was returned. A real return of 00 indicates that the user is not in FAIL MODE.

acid

The name of the ACID associated with this event.

init

A batch jobname, STC procname, or online userid with this event.

f

Facility Code-From the Facility Matrix entry for this facility. Identifies the facility:

• T=TSO
• C=CICSPROD
• B=BATCH
• I=IMSPROD
• S=STC
• K=CICSTEST
• N=NCCF
• R=ROSCOE

See FACILITY(ID) in the Control Options Guide.

c

Resource Class or Event:

Identifies the type of resource being accessed, or the operation being attempted. For example: PROGRAM, CPU, TERMINAL, DATASET, ABSTRACT, VOLUME.

mm

User or Facility Mode (bit mask):

• 0=DORMANT
• 40=WARN
• 20=FAIL
• 30=IMPL,
• 01=CA Top Secret HAS EXPIRED

rr

RACF SVC Flags (bit mapped):

RACINIT:

• 00ENVIR=CREATE
• 04STAT=NO
• 08PASSCHK=NO
• 40ENVIR=CHANGE
• 80ENVIR=DELETE
• C0ENVIR=VERIFY

RACHECK:

• 00RACFIND not specified

01ENTITY=(,CSA)

• 02LOG=NONE
• 0831‑bit parameters
• 10VSAM dataset
• 80RACFIND=NO
• C0RACFIND=YES

RACDEF:

• 00RACFIND not specified
• 20CHKAUTH=YES
• 80RACFIND=NO
• C0RACFIND=YES

G/

Algorithm Data

sw

Algorithm Switch:

• 00access allowed
• 04authorization not found
• 08access denied
• 0Cvolume access is create; force DSN checking
• 10volume access is (none)

r1

RELATIVE RULE that allowed or denied data set (first rule is 01, second rule is 02, and so on.)

r2

RELATIVE RULE that allowed or denied volume access

dh

ALGORITHM HIGH LENGTH for data sets or resources

vh

ALGORITHM HIGH LENGTH for volume access

pf

RELATIVE SECURITY RECORD that allowed or denied access:

• 00 = USER record
• FF = ALL record
• 01‑FE = PROFILE 1‑254

do

DATA SET AUTHORIZATION ORIGIN: (see vo below)

vo

VOLUME AUTHORIZATION ORIGIN:

• 10 = owned (via TSS ADDTO)
• 20 = authorized (via TSS PERMIT)
• 80 = tape owned

aa

ACTION from rule that authorized or allowed access (bit mask):

• 02PASSWORD or NODSN or DENY
• 08NOTIFY
• 10EXIT
• 20AUDIT
• 80FAIL

L/

LOGGING INDICATORS

l1

• 01do not write to SMF
• 02force message to user
• 04send specific message by id
• 08do not perform I/O
• 10audited event
• 20real return code passed
• 40forced log‑out
• 80violation

l2

FLAGS (bit mask):

• 01delay after message
• 02audit update/alteration
• 04audit access if successful
• 08audit access or LOG=NOFAIL
• 10initiating control ACID
• 20reserved
• 40do not update feedback area
• 80LOG=NONE

ee

EVENT CODE:

• 01job initiation
• 02resource check
• 32TSS command
• 33program change
• 34change control option
• 39DUF update
• 40operator accountability check

F/

FLAG INDICATOR

f1

• 01 = change propagation
• 02 = rename
• 04 = RACROUTE REQUEST=FASTAUTH logging
• 08 = JES early verify
• 10 = trace this call
• 20 = always caller
• 40 = tape data set request
• 80 = VSAM data set access

f2

• 01 = ACTION(EXIT)
• 02 = no initiation resource checks
• 04 = FETCH protection required
• 08 = VTHRESH exceeded
• 10 = this is a "non" violation
• 20 = mask search performed
• 40 = resource is audited
• 80 = ACTION(PASSWORD)

f3

• 01 = environment data obtained
• 02 = z/OS system
• 04 = feedback area validated
• 08 = do not perform logging
• 10 = audit this event
• 20 = simulator trace
• 40 = TSSSIM simulation
• 80 = AMODE(31) storage used

f4

• 01 = PLIST is not RACF‑compatible
• 02 = this is TCBSENV
• 04 = third party RACHECK
• 08 = RACHECK invoked by FRACHECK
• 10 = at least ONE TSO message issued
• 20 = priv/exempt caller
• 40 = initiator in control
• 80 = JES2 or JES3 in control

c1

• 01 = password change required
• 02 = exit continues without checks
• 04 = no password checking
• 08 = user mode used
• 10 = STCACT
• 20 = VMRDR submission
• 40 = password violation
• 80 = security bypass /job

c2

• 01 = abend switch
• 02 = address space termination
• 04 = CHKAUTH=YES
• 08 = ACEE= supplied with SVC
• 10 = non 3270 device
• 20 = GAR retry
• 40 = undefined ACID
• 80 = OID card prompt

c3

UNDEFINED ACID RETRY SWITCH:

• n01 = default ACID
• n02 = exit called

aa

PROCESS/ABEND STATE (bit mapped):

• 01 = TSSERASE
• 02 = TSSKGAR
• 04 = logging interface
• 20 = installation exit
• 40 = invalid feedback area
• 80 = invalid parameter

bb

MODULE/ABEND STATE (bit mapped)

• 01 = TSSKROUT
• 02 = TSSKEXTR
• 04 = TSSKCHG
• 08 = TSSKIXI
• 10 = TSS utility or command
• 20 = TSSKSEC
• 40 = TSSFRACK
• 80 = TSSKID

ii

INSTALLATION EXIT FLAG (bit mapped):

• 01 = RESERVED
• 02 = RESERVED
• 04 = RESERVED
• 08 = User in BYPASS mode
• 10 = RESERVED
• 20 = Exit requested ACID to be suspended
• 40 = Exit requested auditing
• 80 = Exit requested MODE change

jj

Return Code From Installation Exit

kk

Function Code For Entry To Installation Exit