Summary of changes made in z/OS Version 2 Release 2
The following changes are made to z/OS Version 2 Release 2 (V2R2).
This document contains information previously presented in z/OS Security Server RACF Command Language Reference, SA23-2292-00, which supports z/OS Version 2 Release 1.
New information
- SIGNAL has been added to the list of functions that may be started by the RESTART (Restart RACF subsystem functions) command.
- FULLRRSFCOMM has been added as a new operand for the SET command.
- TARGET (Manage RRSF nodes) has been updated with new operands: DENYINBOUND, ALLOWINBOUND, NEWMAIN, PLEXNEWMAIN and RESETDENYINBOUNDCOUNT.
- The role of a read-only auditor to monitor audit information for a system, but have no additional authority over the system or the RACF database, has been created in this release. The role affects the following commands: ADDUSER, ALTUSER, LISTUSER, LISTGRP, LISTDSD, RLIST, SEARCH AND SETROPTS.
- Supplied resource classes for z/OS systems has been updated to include the new class FSEXEC for access to z/OS® UNIX file systems.
- Examples of controlling the use of the RACDCERT command using the RDATALIB class has been added to the RACDCERT (Manage RACF digital certificates) topic
- The ADDUSER (Add user profile), ALTUSER (Alter user profile), RACLINK (Administer user ID associations) and SETROPTS (Set RACF options) commands are updated for enhanced RACF password security.
- A new note has been added to SETROPTS (Set RACF options) indicating that SETROPTS LIST performs a read of the RACF database.
- A cautionary statement has been added to ALTUSER (Alter user profile) with regards to changing UID's and the potential to lose access to resources.
Changed information
- The LIST output of the SET command has been updated to display the FULLRRSFCOMM setting.
- Authorization required in RDEFINE (Define general resource profile) has been updated.
- RACLINK (Administer user ID associations) notes for the LIST and DEFINE keywords have been enhanced.
- Authorization required in RACDCERT (Manage RACF digital certificates) has been updated to include granular authorization using the RDATALIB class.
- The syntax and description for the AUDIT operand in ALTDSD (Alter data set profile) has been updated for clarity.
- Multiple uses of the term RACF® segment has been changed to the term BASE segment throughout the publication.
Deleted information
- The ability to reset another user's password to a known default value by using PASSWORD or PHRASE (Specify user password or password phrase) was removed in this release.