This document covers the following topics:
The SAF Security Kernel displays an eight-byte code containing various return and reason codes from SAF.
This information is shown in a number of messages denoted "SSSSSSSS".
The SAF return code contains the following structure:
| Position Within Message Code | Information Content |
|---|---|
| Byte: 1 | SAF return code (R15 after RACROUTE) |
| Byte: 2 | Function code (see section Internal Function Code) |
| Byte: 3 | RACROUTE return code |
| Byte: 4 | RACROUTE reason code |
| Byte: 5-8 | Internal reason code |
The SAF trace messages written to DDPRINT, when GWMSGL is not 0, include the first four bytes of this information, printed as eight hexadecimal digits:
| Position Within Trace Message | Information Content |
|---|---|
| Digits 1 and 2 | SAF return code (R15 after RACROUTE) |
| Digits 3 and 4 | Function code (see section Internal Function Code) |
| Digits 5 and 6 | RACROUTE return code |
| Digits 7 and 8 | RACROUTE reason code |
Refer to the IBM External Security Interface (RACROUTE) Macro Reference manual for MVS and VM for a thorough explanation of all possible return/reason codes. CA-Top Secret and CA-ACF2 can provide different return code values in some circumstances.
SAF Security Kernel internal function codes include:
| Function Code (Hex) | Description |
|---|---|
| 00 | Authorize Natural Library |
| 04 | Authorize Adabas access |
| 08 | Authorize SYSMAIN function |
| 0C | Authorize Natural system files |
| 10 | Authorize Natural program execution |
| 14 | Authorize Broker service |
| 18 | Authorize Net-Work access |
| 1C | Authorize SQL Server access |
| 44 or 6C | AuthenticateUser |
