z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Directing commands using the ONLYAT option

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The following information pertains only to automatic command direction.

Because automatic command direction provides a facility to keep RACF® database profiles synchronized between RRSF nodes with respect to RACF TSO commands, you might need to fix a situation that has caused the RACF profiles to become unsynchronized. The ONLYAT option addresses this situation.

The ONLYAT option is restricted to SPECIAL users because it can potentially cause unsynchronized conditions if used improperly. It is a mechanism to direct RACF TSO commands to the same or other nodes in the same manner as the AT option, except that the command is not automatically directed. That is, it runs only on the node it is directed to. The command is processed in the RACF subsystem address space under the authority of the specified user ID provided the following requirements are met:
  • Both the command issuer and the target user ID must be SPECIAL.
  • If the target user ID is the same as the command issuer (although nodes can be different), no user ID association is required.
  • If the target user ID is different from the command issuer, a user ID association between command issuer and target user ID is required. (This prevents a SPECIAL user from unauthorized use of another remote SPECIAL user ID.)
Parent topic: Command direction

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014