Is it possible to add new fields to the logonid record without an IPL?

Document ID : KB000026673
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

Is it possible to add new fields to the logonid record without an IPL?

Answer:  

The following explains how to dynamically add fields to the logonid record and also provides additional information related to updates to the ACFFDR.

It is possible to add fields to the logonid record without an IPL. This is done by making the appropriate logonid update via usermod UM99901 then issuing the following command: F ACF2,NEWMOD(ACFFDR). A NEWMOD of the ACFFDR cannot be used to update the UID string, SVC or SMF numbers, an IPL is required to modify these ACFFDR options.

You need to use extreme caution when adding fields to the logonid record since this record is used to determine resource access. For example if you add fields to the logonid record, you need to ensure that this change does not alter the order, length or offset of the fields that comprise the UID string or any other field that was previous defined.

The safest way to add a site defined field to the ACF2 logonid record is to add the field at the end of the user portion of the logonid record - in either USERLID or USERXLID sections. This way, the field is only using unused blank bytes at the end of the user portion of the logonid record.

You should never add any user defined fields to the ACFLID or ACFXLID sections of the logonid record as these are reserved for ACF2 defined fields only.

In summary, you can dynamically modify the layout of the logonid record but you need to use extreme caution when modifying this very sensitive record.

The CA acf2 systems programmers guide and install guide provide detailed information related to updating the ACFFDR.