Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Failsoft processing z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
During failsoft processing (when the RACF® database is not active), RACF uses global access checking tables, REQUEST=LIST in-storage profiles, or a supplied profile, if any of these are present, to process resource access checking requests. Note: RACF does not perform
generic profile checking, because a generic profile might allow access
to a resource that an existing discrete profile already protects.
If that profile had been retrieved, RACF would
not have allowed access to the resource.
RACF calls REQUEST=AUTH and REQUEST=DEFINE preprocessing installation exits during failsoft processing. (RACF does not call postprocessing exits.) This action frees the installation to define its own version of failsoft processing. By defining its own version of failsoft processing, an installation can allow or deny access to a resource or permit normal failsoft processing to continue. During failsoft processing, the logging that your installation has specified continues as when RACF is active. In addition, RACF logs all accesses that the operator allows or denies. If no global access checking tables are present, no REQUEST=LIST
in-storage profiles are present, and no profile has been supplied,
the preprocessing installation exits are called first. Then failsoft
processing continues as follows:
|
Copyright IBM Corporation 1990, 2014
|