The return code and reason code values documented in the following table are associated with RACROUTE REQUEST=AUTH requests. AUTH requests are issued to check the authorization of an already verified user to access a protected resource. The most common use of AUTH is to check if a user is authorized to access a specific data set.
| SAF Return Code | RACF Return Code | RACF Reason Code | Description |
|---|---|---|---|
| X'00' | X'00' | X'0000' | Request completed successfully.
The user is authorized by RACF to obtain use of a RACF-protected resource. |
| X'00' | X'00' | X'0004' | Request completed successfully.
The user is authorized by RACF to obtain use of a RACF-protected resource. Indicates one of the following:
|
| X'00' | X'00' | X'0010' | Request completed successfully.
The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates the TAPEVOL profile contains a TVTOC. |
| X'00' | X'00' | X'0020' | Request completed successfully.
The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates that the TAPEVOL profile can contain a TVTOC, but currently does not (for a scratch pool volume). |
| X'00' | X'00' | X'0024' | Request completed successfully.
The user is authorized by RACF to obtain use of a RACF-protected resource. When CLASS=TAPEVOL, indicates that the TAPEVOL profile does not contain a TVTOC. |
| X'00' | X'14' | X'00XX' | Request completed successfully.
Requested function with STATUS=ACCESS specified has completed successfully. The user's highest access to the specified resource is indicated by one of the following reason codes:
|
| X'04' | X'00' | X'0000' | Request could not be completed.
No RACF decision was possible. No security decision could be made. RACF is not installed -or- the specified requester, subsystem, or class is not in the RACF router table -or- the specified class is not in the RACF class descriptor table. |
| X'04' | X'04' | X'0000' | Request could not be completed. No RACF decision was possible.
The specified resource is not protected by RACF. Note:
Note:
If PROTECTALL is active, no profile is found, and the user ID whose authority was checked does not have the SPECIAL attribute, RACF returns a return code X'08' instead of a return code X'04' and denies access. One of the following has occurred:
|
| X'04' | X'04' | X'0004' | Request could not be completed.
No RACF decision was possible. The specified resource is not protected by RACF. Indicates STATUS=ERASE was specified and the data set is to be erased when scratched. |
| X'08' | X'08' | X'0000' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates a normal completion. A possible cause would be PROTECTALL is active, no profile is found, and the user ID whose authority was checked does not have the SPECIAL attribute. |
| X'08' | X'08' | X'0004' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates STATUS=ERASE was specified and the data set is to be erased when scratched. |
| X'08' | X'08' | X'0008' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates DSTYPE=T or CLASS=TAPEVOL was specified and the user is not authorized to use the specified volume. |
| X'08' | X'08' | X'000C' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates the user is not authorized to use the data set. |
| X'08' | X'08' | X'0010' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates DSTYPE=T or CLASS=TAPEVOL was specified and the user is not authorized to specify TAPELBL=(,BLP). |
| X'08' | X'08' | X'0014' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates the user is not authorized to open a non-cataloged data set. |
| X'08' | X'08' | X'0018' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
Indicates the user is not authorized to issue RACROUTE REQUEST=AUTH when system is in tranquil state (MLQUIET). |
| X'08' | X'08' | X'001C' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
A user with EXECUTE authority to the data set profile specified ATTR=READ, and RACF failed the access attempt. |
| X'08' | X'08' | X'0020' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
The user's security label does not dominate that of the resource; it fails SECLABEL authorization checking. |
| X'08' | X'08' | X'0024' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
The user's security label can never dominate that of the resource. |
| X'08' | X'08' | X'0028' | Request failed. The user is not authorized by RACF to obtain use of the specified RACF-protected resource.
The resource must have a security label, but does not have one. |
| X'08' | X'0C' | X'0000' | Request failed.
The OLDVOL specified was not part of the multivolume data set defined by VOLSER, or it was not part of the same tape volume defined by ENTITY. |
| X'08' | X'10' | X'00XX' | Request failed.
RACROUTE REQUEST=VERIFY was issued by a third party, and RACROUTE REQUEST=AUTH failed. The reason code 00XX value is the RACF return code from the RACROUTE REQUEST=VERIFY. |
| X'08' | X'64' | X'0000' | Request failed.
Indicates that the CHECK subparameter of the RELEASE keyword was specified on the execute form of the RACROUTE REQUEST=AUTH macro; however, the list form of the macro does not have the same RELEASE parameter. Macro processing terminates. |