Introduction

The profiles in the RACF® database contain the information RACF needs to control access to resources. The RACF commands allow you to add, change, delete, and list the profiles for:

Users
Groups
Data sets
General resources, which include terminals, DASD volumes, and all other resource classes defined in the RACF class descriptor table (CDT).

Table 1 shows, in alphabetic order, each command, and its function.

Most RACF functions do not require special versions or releases of the operating system or operating system components. However, some do require that your system be at a certain level. If you are unsure about whether a particular RACF function is available with your system, see your security administrator.

Some commands require that the RACF subsystem be active or that you have authorization to issue the commands. Refer to the "Authorization Required" section with each command for details on the authorization required.

The following RACF commands are available only on RACF for VM:

ADDFILE
ADDDIR
ALTFILE
ALTDIR
DELFILE
DELDIR
LFILE
LDIRECT
PERMFILE
PERMDIR
SRFILE
SRDIR

See the appropriate RACF Command Language Reference for your VM system for more information.

Note: In data sharing mode or read-only mode, RACF employs global ENQs to serialize access to the RACF database before adding or removing protection from a resource. Otherwise - unless the installation has explicitly converted to GRS - RACF uses hardware RESERVE/RELEASE.