Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
RACF commands for flushing a VLF cache z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
For installations using the IRRACEE class to store security environments with the Virtual Lookaside Facility (VLF), administrators should be aware that issuing certain RACF® commands can delete one or more such objects. Examples of commands that delete the stored security environment for a user are DELUSER, PASSWORD, and ALTUSER. You can determine the fields that cause VLF purging on ACEE by referring to the RACF database templates in z/OS Security Server RACF Macros and Interfaces. A security-sensitive field has bit 0 of flag 2 turned on. Changes to such a field trigger VLF purging. In an installation where no RACF database
sharing occurs, issuing commands that deal with certain general resource
classes or profiles can delete all stored security environments.
Examples of this include activating, deactivating, or issuing SETROPTS
NORACLIST(classname) or SETROPTS RACLIST(classname) REFRESH
for these classes:
For participants sharing a RACF database, deleting one or more stored security environments on one system causes all stored security environments to be deleted by the other participants. Thus, the administration of user profiles in a shared environment with a performance-oriented participant should be administered from that system, if possible. In all cases, any deleted security environment can be restored on demand through actions such as legitimate logging on or job submission. For information on using VLF for mapping z/OS UNIX user identifiers (UIDs) and z/OS UNIX group identifiers (GIDs) in the UNIXMAP class, see Using the UNIXMAP class and Virtual Lookaside Facility (VLF). For more information on VLF, see z/OS MVS Planning: Operations, z/OS MVS Initialization and Tuning Guide, and z/OS MVS Initialization and Tuning Reference. |
Copyright IBM Corporation 1990, 2014
|