RVARY (Change status of RACF database)

Purpose

Use the RVARY command to:

Deactivate and reactivate the RACF® function.
Switch from using a specific primary data set to using its corresponding backup data set, perhaps because of a failure related to the primary data set.
Deactivate or reactivate primary or backup RACF data sets. (Deactivating a specific primary data set causes all RACF requests for access to that data set to fail. Deactivating a specific backup data set causes RACF to stop duplicating information on that data set.)
Deactivate protection for any resources belonging to classes defined in the class descriptor table while RACF is inactive.
Select the mode of operation when RACF is enabled for sysplex communication.

While RACF is deactivated, utilities can be run to diagnose and repair logical errors in the RACF database. RACF installation exits can provide special handling for requests to access RACF-protected resources (for example, by prompting the operator to allow or deny access). If the RACF data set is itself RACF-protected, RACF failsoft processing, which can include installation exit routine processing, controls access to the RACF database. When you deactivate RACF using the RVARY command, only users defined in TSO SYS1.UADS can still log on to TSO, and RACF does not validate those user IDs. When RACF is inactive, failsoft processing takes effect.

Note: Failsoft processing occurs only when all primary RACF data sets are inactive. If you have multiple RACF data sets and only one is inactive, you are likely to experience ABENDs. See z/OS® Security Server RACF System Programmer's Guide for more information on failsoft processing and using RVARY.

RACF logs each use of the RVARY command provided that the system has been IPLed with RACF active and the use of RVARY changes the status of RACF. For example, if you issue RVARY to deactivate a RACF database that is already inactive, you do not change the status of RACF. Therefore, RACF does not log this particular use of RVARY. When RACF is enabled for sysplex communication, logging of the RVARY commands occurs only on the system from which the command originated.

When you deactivate a RACF data set (using RVARY INACTIVE) or switch to a backup RACF data set (using RVARY SWITCH), RACF automatically deallocates that data set. To reactivate a data set, use the RVARY ACTIVE command. The RVARY SWITCH does not activate an inactive data set. RACF automatically reallocates that data set. This feature allows you to restore the data set from a copy on tape or recatalog the data set on another volume without having to re-IPL your system.

If you deactivate the primary RACF data set, and uncatalog it, and replace it with an alternate data set, the alternate data set must be cataloged and have the same name as the original data set before you can activate it. When you deactivate (and deallocate) a RACF data set, you can move the data set from one direct access storage device to another.

Before recataloging a data set, you must first deactivate the data set by issuing either the RVARY INACTIVE or the RVARY SWITCH command.

Using RVARY when RACF is enabled for sysplex communication: In addition to the RVARY DATASHARE and RVARY NODATASHARE commands, which are valid only when RACF is enabled for sysplex communication, the following RVARY commands are propagated when RACF is enabled for sysplex communication:

RVARY ACTIVE
RVARY INACTIVE
RVARY SWITCH

When issued from any member of the RACF data sharing group, these commands are propagated in a controlled, synchronized manner to each of the other members in the group.

Notes:

For RVARY INACTIVE NOCLASSACT(classname-list | *) and RVARY INACTIVE(NOTAPE) commands, only the RVARY INACTIVE portion of the command is propagated.
The MVS operator commands ROUTE *ALL and ROUTE system-group-name are allowed only with RVARY LIST.
RACF does not propagate commands if the system is operating in failsoft mode unless failsoft mode was entered because an RVARY INACTIVE command was issued.
RVARY INACTIVE DATASET, SWITCH, DATASHARE, and NODATASHARE require that RVARY quiesce RACF database I/O activity before proceeding. There can be no database I/O activity in progress while the status of the database is changed or the database could get corrupted. Consequently, RVARY must wait for previously scheduled database I/O to complete before proceeding. If there are problems with the DASD device the data set is on and the I/O is hung, those problems have to be cleared up before the command can complete. See the RVARY command documentation in z/OS Security Server RACF System Programmer's Guide for more information.

Issuing options

The following table identifies the eligible options for issuing the RVARY command:

As a RACF TSO command?	As a RACF operator command?	With command direction?	With automatic command direction?	From the RACF parameter library?
Yes	Yes	No	No	Yes

For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.

For information on issuing this command as a RACF operator command, refer to RACF operator commands.

Authorization required

Start of change No special authority is needed to issue the RVARY command. However, the operator (at the operator console or security console) must approve a change in RACF status or the RACF data sets - or a change in the operational mode if RACF is enabled for sysplex communication - before RACF allows the command to complete. End of change

If the RVARY command changes RACF or database status (ACTIVE/INACTIVE), RACF issues an informational message and the operator is required to enter the password defined by RVARYPW STATUS(status-pw) to authorize the change. If the RVARY command switches the RACF data sets (SWITCH) or changes the RACF operating mode (DATASHARE/NODATASHARE), RACF issues an informational message and the operator is required to enter the password defined by RVARYPW SWITCH(switch-pw). When RVARY is issued as a RACF operator command from a console with master authority, the default password YES is also accepted for RVARY ACTIVE, RVARY NODATASHARE or RVARY SWITCH commands.

Syntax

For the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RVARY command is:

[subsystem-prefix]RVARY

[ DATASET(data-set-name... | *) ]

[ LIST | NOLIST ]

For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.

For information on issuing this command as a RACF operator command, refer to RACF operator commands.

Parameters

subsystem-prefix

Specifies that the RACF subsystem is the processing environment of the command. The subsystem prefix can be either the installation-defined prefix for RACF (1 - 8 characters) or, if no prefix has been defined, the RACF subsystem name followed by a blank. If the command prefix was registered with CPF, you can use the MVS command D OPDATA to display it or you can contact your RACF security administrator.

Only specify the subsystem prefix when issuing this command as a RACF operator command. The subsystem prefix is required when issuing RACF operator commands.

ACTIVE

Specifies that the RACF function for, and access to, the primary RACF database is to be reactivated.

If you want to reactivate a particular primary data set or if you want to activate or reactivate a backup data set, then you must specify the DATASET operand with the appropriate data set name.

When you reactivate any RACF data set it is automatically reallocated.

When RACF is enabled for sysplex communication and RVARY ACTIVE is issued from one member of a sysplex data sharing group, RACF attempts to connect every peer system that is in data sharing mode or in read-only mode to the coupling facility structures associated with each active database. If any connection attempt fails, the affected member enters read-only mode, although the data set will remain allocated and active. The system originating the command might be in either data sharing mode or in read-only mode.

INACTIVE [NOCLASSACT(class-namelist | *) (NOTAPE)]

INACTIVE

Specifies that the RACF function for, and access to, the RACF database is to be deactivated.

To deactivate a particular primary data set or a backup data set, specify the DATASET operand with the appropriate data set name. If the DATASET operand is not specified, the default is all primary RACF data sets.

If your installation did not specify a backup database in the data set name table, and you need to deactivate the primary database, you must use the RVARY INACTIVE command. If you have only a single data set, your system enters failsoft processing. If you have multiple data sets and only some are active, you are likely to experience ABENDs.

When you deactivate any RACF data set, it is automatically deallocated.

If RACF is enabled for sysplex communication, RACF disconnect from any coupling-facility-related structures that are in use by members of a RACF sysplex data sharing group running in data sharing mode or in read-only mode.

If the data set specified in the RVARY INACTIVE command is associated with a coupling facility structure failure, or with a connection failure and there is no other failed structure or connection, the system can be put into data sharing mode as a result of RVARY INACTIVE.

INACTIVE NOCLASSACT(class-namelist | *)

Specifies those classes for which RACF protection is not in effect while RACF is inactive. The variable class-namelist can contain any class defined in the class descriptor table, while * indicates that the operand applies to all classes defined in class descriptor table. This option takes effect immediately and is valid for the current IPL or until RVARY ACTIVE is issued. If you just want to deactivate the class(es) without deactivating the RACF database, you should use the command SETROPTS NOCLASSACT (class-namelist

|
*

) because INACTIVE NOCLASSACT also deactivates the database. NOCLASSACT is not propagated when issued from a member of a sysplex data sharing group.

INACTIVE(NOTAPE)

Specifies that tape volume protection for volumes with IBM® standard labels, ANSI labels, and nonstandard labels is no longer in effect while RACF is inactive. This option takes effect immediately and is valid for the current IPL or until RVARY ACTIVE is issued. If you just want to deactivate the tape volume without deactivating the RACF database, you should use the command SETROPTS NOCLASSACT(tapevol) because INACTIVE(NOTAPE) also deactivates the database. NOTAPE is not propagated when issued from a member of a sysplex data sharing group.

DATASHARE | NODATASHARE

DATASHARE

Specifies to begin data sharing mode. This operand applies only when RACF is enabled for sysplex communication.

If the mode was non-data sharing, RACF discontinues using the hardware RESERVE/RELEASE protocol and uses GRS to serialize access to the RACF database. Systems not already in data sharing mode attempts to connect to all RACF structures. For information on failure scenarios, see z/OS Security Server RACF System Programmer's Guide.

If RACF is enabled for sysplex communication, RACF propagates RVARY DATASHARE commands to the other systems in the data sharing group. Members in non-data sharing mode attempt to connect to all structures. If successful, the mode becomes data sharing. Otherwise, it becomes read-only mode.

Note: The current state of the RACF system (that is, ACTIVE or FAILSOFT) from which the command is issued has no effect on either the function or the propagation of the RVARY DATASHARE commands or vice versa, unless the system is in failsoft due to an error during IPL.

NODATASHARE

suspends data sharing mode and enables an installation to update the RACF database even if the system is experiencing coupling facility failure or unavailability. This operand applies only when RACF is enabled for sysplex communication.

When sharing data among many systems, RACF relies on the coupling facility and an alternative serialization technique to provide higher performance. In this environment, RVARY NODATASHARE might result in degraded performance, because RACF discontinues using the coupling facility cache structures and serialization associated with RACF sysplex data sharing and employs the hardware RESERVE/RELEASE protocol. It should be used only to allow critical updates to the database.

If RACF is enabled for sysplex communication, RACF propagates RVARY NODATASHARE commands to the other systems in the data sharing group. The effect of the RVARY DATASHARE command on group members depends on the member's previous database access mode. If the member's previous database access mode was data sharing mode or read-only mode, the member disconnects from all structures and enters non-data sharing mode. If the members previous database access mode was non-data sharing mode, no action is taken.

Note: The current state of the RACF system (that is, ACTIVE or FAILSOFT) from which the command is issued has no effect on either the function or the propagation of the RVARY NODATASHARE commands or vice versa, unless the system is in failsoft due to an error during IPL.

SWITCH

Specifies that all processing is to switch from the primary RACF data sets (identified by the DATASET operand) to the corresponding backup data sets. When the switch occurs, the primary data sets are deactivated and deallocated. If you specify DATASET(*) or omit DATASET, the command applies to all primary data sets. If you specify the name of a backup data set on the DATASET operand, RACF issues an error message and ignores the name. In order for the switch to take place, the corresponding backup data sets must be active.

When you issue RVARY SWITCH, RACF associates a set of buffers with the new primary database (the original backup database) and disassociates the buffers from the original primary database (the new backup database). The coupling facility structures associated with the primary and backup RACF databases are not switched, so IRRXCF00_Pnnn structures always correspond to primary database and IRRXCF00_Bnnn structures always correspond to backup database.

To return to the original primary database, you must first activate the backup data sets (the former primary data set) using an RVARY ACTIVE command. An RVARY SWITCH then returns the primary data sets to their original position.

If RACF is enabled for sysplex communication, RACF allocates buffers for backup data sets. The size of the buffer for the backup database is 20 percent of the primary database buffer size. When you issue RVARY SWITCH, RACF associates the larger buffer with the new primary database (the original backup database).

Note: If the data set specified in the SWITCH command is associated with a coupling facility structure failure or with a connection failure, and there is no other failed structure or connection, the system might be put into data sharing mode as a result of the RVARY SWITCH.

DATASET(data-set-name ... | *)

Specifies a list of one or more RACF data sets to be switched, reactivated, or deactivated, depending on the SWITCH, ACTIVE, or INACTIVE operands. If you specify DATASET(*) or omit DATASET, the command applies to all primary data sets.

DATASET can be specified with ACTIVE, INACTIVE, or SWITCH; it is not applicable with DATASHARE, NODATASHARE or LIST.

Note: As an exception to normal TSO parsing rules, RACF continues to recognize previously acceptable abbreviations (such as

D,
DA, DAT, DATA, DATAS

) as aliases for DATASET. The shortest acceptable alias for DATASHARE is DATASH.

Do not enclose data set names in single quotation marks.

LIST | NOLIST

If you omit LIST and NOLIST, the default value is LIST.

LIST

Specifies that status information is to be listed for all RACF data sets. If you specify ACTIVE, INACTIVE, SWITCH, DATASHARE, or NODATASHARE, the status displayed is the status after the requested changes have been made if the changes were approved by the operator. If RACF is enabled for sysplex communication, the LIST output includes a line indicating the current operating mode. RVARY LIST does not require operator approval.

The volume information contains an *NA if the device on which the RACF data set resides has been dynamically reconfigured from the system. It contains *DEALLOC if the data set has been inactivated and deallocated.

If at least one RACF database volume is not shared, the SHR column is added to the volume information, and the unshared volume is marked N. The N indicates that the RACF data set resides on a device that is not shared, or it resided on a nonshared device prior to inactivation and deallocation.

NOLIST

Specifies that status information for RACF data sets is not to be listed.

Examples

Example	Activity label	Description
1	Operation	User wants to see if the backup data sets are activated.
	Command	`RVARY LIST`
	Output	See Figure 1.
	Defaults	None.
2	Operation	Operator wants to temporarily deactivate and deallocate RACF to make repairs to a particular primary RACF data set.
	Known	The RACF subsystem prefix is `#`.
	Command	`#RVARY INACTIVE,DATASET(RACF.PRIM1)`
	Output	See Figure 2.
	Defaults	LIST
3	Operation	Operator wants to activate the backup data set (RACF.BACK1).
	Known	The backup data set RACF.BACK1 is inactive, and the RACF subsystem prefix is `#`.
	Command	`#RVARY ACTIVE,DATASET(RACF.BACK1)`
	Output	See Figure 3.
	Defaults	LIST
4	Operation	Operator wants to switch from using the primary data set to using the backup data set.
	Known	The appropriate backup data set is active, and the RACF subsystem prefix is `#`.
	Command	`#RVARY SWITCH,DATASET(RACF.PRIM1)`
	Output	See Figure 4.
	Defaults	LIST
5	Operation	User wants to change the operating mode to non-data sharing mode for all members of the IRRXCF00 group, in order to allow an update of the RACF data set.
	Known	RACF is enabled for sysplex communication but RACF cache structures had not been defined in the coupling facility policy at the time the systems in the group were IPLed. All members of the group are currently in read-only mode.
	Command	`RVARY NODATASHARE`
	Output	See Figure 5.
	Defaults	LIST
6	Operation	User wants to change the operating mode from non-data sharing mode to data sharing mode in order to make use of coupling facility performance enhancements.
	Known	RACF is enabled for sysplex communication. The user IPLed the system in non-data sharing mode to make use of RVARY and SETROPTS propagation, and is now ready to make use of the coupling facility.
	Command	`RVARY DATASHARE`
	Output	See Figure 6.
	Defaults	LIST

Figure 1. Example 1: Output for the RVARY LIST command

   ICH15013I RACF DATABASE STATUS:                     
   ACTIVE  USE   NUM  VOLUME    DATASET            SHR 
   ------  ---   ---  ------    -------            --- 
   YES     PRIM   1   D94RF1    RACF.PRIM.R17.P1       
   YES     BACK   1   D94RF2    RACF.BACK.R17.B1   N   
   YES     PRIM   2   D94RF1    RACF.PRIM.R17.P2       
   YES     BACK   2   D94RF2    RACF.BACK.R17.B2   N

Figure 2. Example 2: Output following deactivation and deallocation of RACF.PRIM1

   ICH15013I RACF DATABASE STATUS:
   ACTIVE  USE   NUM  VOLUME    DATASET
   ------  ---   ---  ------    -------
    NO     PRIM   1   *DEALLOC  RACF.PRIM1
    NO     BACK   1   D94RF1    RACF.BACK1
    YES    PRIM   2   D94RF1    RACF.PRIM2
    NO     BACK   2   D94RF1    RACF.BACK2
    YES    PRIM   3   D94RF1    RACF.PRIM3
    NO     BACK   3   D94RF1    RACF.BACK3

Figure 3. Example 3: Output following the activation of RACF.BACK1

   ICH15013I RACF DATABASE STATUS:
   ACTIVE  USE   NUM  VOLUME    DATASET
   ------  ---   ---  ------    -------
    NO     PRIM   1   *DEALLOC  RACF.PRIM1
    YES    BACK   1   D94RF1    RACF.BACK1
    YES    PRIM   2   D94RF1    RACF.PRIM2
    NO     BACK   2   D94RF1    RACF.BACK2
    YES    PRIM   3   D94RF1    RACF.PRIM3
    NO     BACK   3   D94RF1    RACF.BACK3

Figure 4. Example 4: Output following the RVARY SWITCH,DATASET(RACF.PRIM1) command

   ICH15013I RACF DATABASE STATUS:
   ACTIVE  USE   NUM  VOLUME    DATASET
   ------  ---   ---  ------    -------
    NO     BACK   1   *DEALLOC  RACF.PRIM1
    YES    PRIM   2   D94RF1    RACF.PRIM2
    NO     BACK   2   D94RF1    RACF.BACK2
    YES    PRIM   3   D94RF1    RACF.PRIM3
    NO     BACK   3   D94RF1    RACF.BACK3

Figure 5. Example 5: Output following the RVARY NODATASHARE command

   ICH15019I Initiating propagation of RVARY command to members
     of RACF data sharing group IRRXCF00
   ICH15013I RACF DATABASE STATUS:
   ACTIVE  USE   NUM  VOLUME    DATASET
   ------  ---   ---  ------    -------
    YES    PRIM   1   D94RF1    RACF.BACK1
    NO     BACK   1   *DEALLOC  RACF.PRIM1
    YES    PRIM   2   D94RF1    RACF.PRIM2
    NO     BACK   2   D94RF1    RACF.BACK2
    YES    PRIM   3   D94RF1    RACF.PRIM3
    NO     BACK   3   D94RF1    RACF.BACK3
   MEMBER SYS1  IS SYSPLEX COMMUNICATIONS ENABLED &
           IN NON-DATA SHARING MODE.
   ICH15020 RVARY command has finished processing.

Figure 6. Example 6: Output following the RVARY DATASHARE command

    ICH15019I Initiating propagation of RVARY command to members
     of RACF data sharing group IRRXCF00
    ICH15013I RACF DATABASE STATUS:
    ACTIVE  USE   NUM  VOLUME    DATASET
    ------  ---   ---  ------    -------
    YES     PRIM   1   D94RF1    RACF.BACK1
    NO      BACK   1   *DEALLOC  RACF.PRIM1
    YES     PRIM   2   D94RF1    RACF.PRIM2
    NO      BACK   2   D94RF1    RACF.BACK2
    YES     PRIM   3   D94RF1    RACF.PRIM3
    NO      BACK   3   D94RF1    RACF.BACK3
    MEMBER SYS1  IS SYSPLEX COMMUNICATIONS ENABLED &
           IN DATA SHARING MODE.
    ICH15020 RVARY command has finished processing.