To set up installation-defined classes, work with your RACF system programmer to add new class descriptors to the installation-defined part (module ICHRRCDE) of the RACF class descriptor table (CDT). For an example of how to add installation-defined classes to the CDT, see Customizing security processing.
All installation-defined classes defined in the CDT must also be defined in the MVS™ router table. This is because the MVS router checks any class used in a router request to determine if it actually exists. If it does not, no request is sent to RACF. To define classes to the MVS router, add them to ICHRFR01, the user-modifiable portion of the MVS router table, as described in the z/OS Security Server RACROUTE Macro Reference. Also see Specifying user-defined resources to RACF.
When setting up installation-defined classes, we recommend that you copy the IBM-supplied defaults from the CDT, an example of which is in the z/OS Security Server RACF Macros and Interfaces manual. You will then need to change the name, group or member name, POSIT number, and ID. See the description of the ICHERCDE macro in the z/OS Security Server RACF Macros and Interfaces manual for details of valid values for these operands. See the same manual for information about creating installation-defined resource classes. For an example of how to add resource classes, see the IBM-supplied sample, DFH$RACF, which is in CICSTS31.CICS.SDFHSAMP.
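The following check is an added example, not IBM-supplied code. It reads ICHERCDE and ICHRFRTB source and reports classes that are in the CDT but missing from the router table, and GROUP=/MEMBER= names that do not point back at each other after a copy-and-rename. The class names `$MYRES` and `$MYGRP`, the ID and POSIT values, and the function names are hypothetical, and the sample source is constructed and cut down to the operands the check reads.

```python
import re

# Constructed sample source, cut down to the operands this check reads.
# $MYRES / $MYGRP and the ID/POSIT values are hypothetical.
CDT_SRC = """\
* installation-defined part of the CDT (ICHRRCDE)
$MYRES   ICHERCDE CLASS=$MYRES,GROUP=$MYGRP,ID=130,POSIT=25
$MYGRP   ICHERCDE CLASS=$MYGRP,MEMBER=$MYRES,ID=131,POSIT=25
         ICHERCDE
"""
ROUTER_SRC = """\
* user-modifiable part of the router table (ICHRFR01)
         ICHRFRTB CLASS=$MYRES,ACTION=RACF
         ICHRFRTB TYPE=END
"""

def macro_calls(source, macro):
    """Return one {operand: value} dict per invocation of `macro`.

    Tolerant text scan, not an assembler parser: comment lines are dropped
    and KEYWORD=value pairs are collected up to the next invocation, so
    operands on continuation lines are picked up as well.
    """
    code = "\n".join(l for l in source.splitlines() if not l.startswith("*"))
    chunks = re.split(r"\b%s\b" % re.escape(macro), code)[1:]
    return [dict(re.findall(r"([A-Z]+)=([^,\s]+)", c)) for c in chunks]

def check(cdt_source, router_source):
    """List problems that would stop a class from working as intended."""
    cdt = {c["CLASS"]: c for c in macro_calls(cdt_source, "ICHERCDE")
           if "CLASS" in c}
    routed = {r["CLASS"] for r in macro_calls(router_source, "ICHRFRTB")
              if "CLASS" in r}
    problems = []
    for name, ops in cdt.items():
        # The router sends nothing to RACF for a class it does not know.
        if name not in routed:
            problems.append(f"{name}: in CDT but not in router table")
        # A member class and its grouping class must name each other.
        for key, back in (("GROUP", "MEMBER"), ("MEMBER", "GROUP")):
            partner = ops.get(key)
            if partner and cdt.get(partner, {}).get(back) != name:
                problems.append(f"{name}: {key}={partner} is not reciprocated")
    return problems

if __name__ == "__main__":
    for problem in check(CDT_SRC, ROUTER_SRC):
        print(problem)
```

Run it against the assembler source for ICHRRCDE and ICHRFR01 before the modules are assembled and link-edited; an empty result means every installation-defined class is routed and every group/member pair is consistent.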