acf2 ACF00201 ENTRY COUNT EXCEEDS CAPACITY OF FIELD SELAUTH

book

Article ID: 198234

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA LDAP Server for z/OS CA PAM Client for Linux for zSeries CA Web Administrator for Top Secret

Issue/Introduction

Insert command duplicates hidden ACF2 default values already in lists in GSO record fields, like a list in parens; then try to figure out which one or two value(s) is/are already there when you can't see it before the insert. This is a little bit different with a different msg, but just as bad. Maybe a little worse.

We had this GSO APPLDEF record:

 NFS* / APPLDEF.DB2 LAST CHANGED BY USER01 ON 08/04/17-16:02                                                                    
                      APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN() RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-)
                      RECIDLEN(17) RSBLIB() SELAUTH(ACCOUNT ALL AUDIT CONSULT LEADER SECURITY) TYPE(DB2/DB2)                   

When creating it with a SYSID of '****', like (after setting the SYSID to ****):
ins appldef.db2 APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN() RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-) -
RECIDLEN(17) RSBLIB() SELAUTH(ACCOUNT ALL AUDIT CONSULT LEADER SECURITY) TYPE(DB2/DB2)                                     

ACF00201 ENTRY COUNT EXCEEDS CAPACITY OF FIELD SELAUTH

If created it without the SELAUTH field at all I get:the correct record field values:

ins appldef.db2 APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN() RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-) -
RECIDLEN(17) RSBLIB() TYPE(DB2/DB2)                                                                                        
 **** / APPLDEF.DB2 LAST CHANGED BY CSA30 ON 08/26/20-17:44                                                                    
                      APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN() RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-)
                      RECIDLEN(17) RSBLIB() SELAUTH(ACCOUNT AUDIT CONSULT LEADER SECURITY) TYPE(DB2/DB2)                       

We like to use ACFBATCH for making our changes in production and another ACFBATCH for backing the changes out. But many, many GSO records cannot be prepped to reliably deploy changes with an INSERT command like that because they get unexpected errors like this. There are many more examples.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

For certain records ACF2 has defaulted values. In these cases, the default value already exists. Currently, there is a workaround to insert the record with REP at the end. For example, when inserting the appldef record adding the rep to the end will insert the appldef record with only that which was specified in the SELAUTH field:

insert appldef.test APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN()
RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-) RECIDLEN(17) RSBLIB()
SELAUTH(ACCOUNT ALL AUDIT CONSULT LEADER SECURITY) TYPE(DB2/DB2) rep


TEST / APPLDEF.TEST LAST CHANGED BY USER01 ON 08/27/20-07:46
APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN()
RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-)
RECIDLEN(17) RSBLIB()
SELAUTH(ACCOUNT ALL AUDIT CONSULT LEADER SECURITY)
TYPE(DB2/DB2)

Second example only insert SELAUTH(ALL) with a REP:

insert appldef.test APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN()
RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-) RECIDLEN(17) RSBLIB()
SELAUTH(ALL) TYPE(DB2/DB2) rep

TST1 / APPLDEF.TEST LAST CHANGED BY USER01 ON 08/27/20-08:03
APPLDIV(-) APPLDLEN(4) CLASS(C/CONTROL) DFTDRTN()
RECID(ACFD2EXT/EXITS ACFD2OPT/OPTS ACFD2SAF/SAFELIST.-)
RECIDLEN(17) RSBLIB() SELAUTH(ALL) TYPE(DB2/DB2)