For installations using the IRRACEE class to store security environments with the Virtual Lookaside Facility (VLF), administrators should be aware that issuing certain RACF® commands can delete one or more such objects.

Examples of commands that delete the stored security environment for a user are DELUSER, PASSWORD, and ALTUSER.

You can determine the fields that cause VLF purging on ACEE by referring to the RACF database templates in z/OS Security Server RACF Macros and Interfaces. A security-sensitive field has bit 0 of flag 2 turned on. Changes to such a field trigger VLF purging.

For participants sharing a RACF database, deleting one or more stored security environments on one system causes all stored security environments to be deleted by the other participants. Thus, the administration of user profiles in a shared environment with a performance-oriented participant should be administered from that system, if possible.

In all cases, any deleted security environment can be restored on demand through actions such as legitimate logging on or job submission.

For information on using VLF for mapping z/OS UNIX user identifiers (UIDs) and z/OS UNIX group identifiers (GIDs) in the UNIXMAP class, see Using the UNIXMAP class and Virtual Lookaside Facility (VLF).

For more information on VLF, see z/OS MVS Planning: Operations, z/OS MVS Initialization and Tuning Guide, and z/OS MVS Initialization and Tuning Reference.