IMS Connect RACF user ID cache

IMS Connect can be configured to use a memory cache for RACF® user IDs instead of issuing RACF requests for every transaction.

When IMS Connect is configured to use RACF security, the RACF user ID provided for each message must be validated before the message can be processed. This method of RACF security authentication can negatively affect the performance of IMS Connect. To improve performance without disabling RACF support, you can enable the IMS Connect RACF user ID cache. The cache stores previously verified RACF user IDs from all sessions. When possible, the cached information is passed to OTMA without the need for a new RACF verification request.

During system definition, the settings of the RACF user ID cache are configured with the TCPIP statement of the IMS Connect member of the PROCLIB data set (HWSCFGxx). Specifically, the cache settings are defined with the RACF, UIDCACHE, and UIDAGE parameters. The RACF parameter defines whether IMS Connect uses RACF authentication, the UIDCACHE parameter defines whether the RACF user ID cache is enabled, and the UIDAGE parameter specifies the default refresh interval for cached IDs.

You can also enable or disable the cache when IMS Connect is running with any of the following commands:
  • The WTOR command SETUIDC
  • The z/OS® Modify command UPDATE MEMBER
  • The type-2 command UPDATE IMSCON TYPE(CONFIG) SET(UIDCACHE(ON | OFF))

When IMS Connect is running, it automatically monitors the RACF Event Notification Facility (ENF) events associated with the cached user IDs. If the RACF ENF issues a type 71 event for the RACF CONNECT or REMOVE commands, or for an ALTUSER REVOKE command, IMS Connect automatically refreshes the user ID. IMS Connect issues event number 258 after automatically refreshing the specified ID in the cache.

You can also refresh specific user IDs manually with any of the following commands:

  • The WTOR command REFRESH RACFUID
  • The z/OS Modify command UPDATE RACFUID
  • The type-2 command UPDATE IMSCON TYPE(RACFUID) NAME(userid) OPTION(REFRESH)
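
The following model is an added example, not IMS Connect code or IBM sample code. It shows why the refresh mechanisms described above matter: a cached ID stays accepted after a RACF change until an ENF type 71 event, a manual refresh, or the UIDAGE interval forces a new verification. Assumptions: the class and method names are hypothetical, "refresh" is modeled as re-verification, time is in abstract ticks, credentials are ignored, and the user IDs are constructed.

```python
class UserIdCache:
    """Model of a verified-user-ID cache; not IMS Connect code."""
    TRIGGERS = {"CONNECT", "REMOVE", "ALTUSER REVOKE"}  # ENF type 71 triggers named on the page
    def __init__(self, verify, uidage, enabled=True):
        self.verify = verify    # callable(userid) -> bool; stands in for a RACF request
        self.uidage = uidage    # refresh interval in model clock ticks (unit assumed)
        self.enabled = enabled  # models UIDCACHE on/off
        self.entries = {}       # userid -> tick of last successful verification
        self.issued = []        # event numbers the model has issued

    def authenticate(self, userid, now):
        """Return (accepted, source); source is 'cache' or 'racf'."""
        cached_at = self.entries.get(userid) if self.enabled else None
        if cached_at is not None and now - cached_at < self.uidage:
            return True, "cache"
        ok = self.verify(userid)
        if ok and self.enabled:
            self.entries[userid] = now
        else:
            self.entries.pop(userid, None)
        return ok, "racf"

    def refresh(self, userid, now):
        """Re-verify a cached ID (assumed meaning of 'refresh'); drop it on failure."""
        if userid not in self.entries:
            return False
        if self.verify(userid):
            self.entries[userid] = now
        else:
            del self.entries[userid]
        return True

    def on_enf(self, event_type, command, userid, now):
        """Refresh a cached ID on a type 71 event, then record event 258."""
        if event_type == 71 and command in self.TRIGGERS and self.refresh(userid, now):
            self.issued.append(258)

def demo():
    revoked, calls = set(), []   # constructed RACF state and a log of verifier calls
    def verify(uid):
        calls.append(uid)
        return uid not in revoked
    cache = UserIdCache(verify, uidage=100)
    out = [cache.authenticate("USRT001", 0), cache.authenticate("USRT001", 10)]
    revoked.add("USRT001")       # ID revoked in RACF; cache not yet told
    out.append(cache.authenticate("USRT001", 20))
    cache.on_enf(71, "ALTUSER REVOKE", "USRT001", 21)
    out.append(cache.authenticate("USRT001", 22))
    return out, len(calls), cache.issued
```

In the model, the third request is still served from the cache after the revoke; only the ENF-driven refresh sends the fourth back to the verifier, which rejects it.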