Previous Topic Next topic Print topic


Error Codes for AUTH Requests

The return code and reason code values documented in the following table are associated with RACROUTE REQUEST=AUTH requests. AUTH requests are issued to check the authorization of an already verified user to access a protected resource. The most common use of AUTH is to check if a user is authorized to access a specific data set.

SAF Return Code RACF Return Code RACF Reason Code Description
X'00' X'00' X'0000' Request completed successfully.

The user is authorized by RACF to obtain use of a RACF-protected resource.

X'00' X'00' X'0004' Request completed successfully.

The user is authorized by RACF to obtain use of a RACF-protected resource. Indicates one of the following:

  • STATUS=ERASE was specified and the data set is to be erased when scratched
  • the warning status of the resource was requested by the RACROUTE REQUEST=AUTH issuer's setting bit X'10' at offset 12 decimal in the request-specific portion of the RACROUTE REQUEST=AUTH parameter list with the resource in warning mode.
X'00' X'00' X'0010' Request completed successfully.

The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates the TAPEVOL profile contains a TVTOC.

X'00' X'00' X'0020' Request completed successfully.

The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates that the TAPEVOL profile can contain a TVTOC, but currently does not (for a scratch pool volume).

X'00' X'00' X'0024' Request completed successfully.

The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates that the TAPEVOL profile does not contain a TVTOC.

X'00' X'14' X'00XX' Request completed successfully.

Requested function with STATUS=ACCESS specified has completed successfully. The user's highest access to the specified resource is indicated by one of the following reason codes:

  • 00

    The user has no access.

  • 04

    The user has READ authority.

  • 08

    The user has UPDATE authority.

  • 0C

    The user has CONTROL authority.

  • 10

    The user has ALTER authority.

X'04' X'00' X'0000' Request could not be completed.

No RACF decision was possible. No security decision could be made. RACF is not installed -or- the specified requester, subsystem, or class is not in the RACF router table -or- the specified class is not in the RACF class descriptor table.

X'04' X'04' X'0000' Request could not be completed. No RACF decision was possible.

The specified resource is not protected by RACF.

Note: Note:

If PROTECTALL is active, no profile is found, and the user ID whose authority was checked does not have the SPECIAL attribute, RACF returns a return code X'08' instead of a return code X'04' and denies access.

One of the following has occurred:

  • There is no RACF profile protecting the resource
  • RACF is not active
  • Specified class is not active
  • Specified class requires SETROPTS RACLIST option to be active and it is not.
  • CLASS TEMPDSN was active and the dataset is a temporary dataset.
X'04' X'04' X'0004' Request could not be completed.

No RACF decision was possible. The specified resource is not protected by RACF.

Indicates STATUS=ERASE was specified and the data set is to be erased when scratched.

X'08' X'08' X'0000' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates a normal completion. A possible cause would be PROTECTALL is active, no profile is found, and the user ID whose authority was checked does not have the SPECIAL attribute.

X'08' X'08' X'0004' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates STATUS=ERASE was specified and the data set is to be erased when scratched.

X'08' X'08' X'0008' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates DSTYPE=T or CLASS=TAPEVOL was specified and the user is not authorized to use the specified volume.

X'08' X'08' X'000C' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates the user is not authorized to use the data set.

X'08' X'08' X'0010' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates DSTYPE=T or CLASS=TAPEVOL was specified and the user is not authorized to specify TAPELBL=(,BLP).

X'08' X'08' X'0014' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates the user is not authorized to open a non-cataloged data set.

X'08' X'08' X'0018' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

Indicates the user is not authorized to issue RACROUTE REQUEST=AUTH when system is in tranquil state (MLQUIET).

X'08' X'08' X'001C' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

A user with EXECUTE authority to the data set profile specified ATTR=READ, and RACF failed the access attempt.

X'08' X'08' X'0020' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

The user's security label does not dominate that of the resource; it fails SECLABEL authorization checking.

X'08' X'08' X'0024' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

The user's security label can never dominate that of the resource.

X'08' X'08' X'0028' Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.

The resource must have a security label, but does not have one.

X'08' X'0C' X'0000' Request failed.

The OLDVOL specified was not part of the multivolume data set defined by VOLSER, or it was not part of the same tape volume defined by ENTITY.

X'08' X'10' X'00XX' Request failed.

RACROUTE REQUEST=VERIFY was issued by a third party, and RACROUTE REQUEST=AUTH failed. The reason code 00XX value is the RACF return code from the RACROUTE REQUEST=VERIFY.

X'08' X'64' X'0000' Request failed.

Indicates that the CHECK subparameter of the RELEASE keyword was specified on the execute form of the RACROUTE REQUEST=AUTH macro; however, the list form of the macro does not have the same RELEASE parameter. Macro processing terminates.

Previous Topic Next topic Print topic