RACF database utilities

The RACF® utilities are used for maintaining, modifying, copying, unloading, and monitoring the RACF database.
Table 1. RACF utilities described in this chapter
Utility Description More information
IRRIRA00 Converts an existing RACF database to use an alias index for application identity mapping RACF internal reorganization of aliases utility program (IRRIRA00)
IRRMIN00
  • Formats a DASD data set for use as a RACF database
  • Updates an existing RACF database with a new set of templates
  • Activates a new set of templates on a system
 RACF database initialization utility program (IRRMIN00)
IRRUT100 Lists all the occurrences of a user ID or group name in the RACF database RACF cross reference utility program (IRRUT100)
IRRUT200
  • Provides information about the size and organization of a RACF database
  • Identifies inconsistencies in a RACF database
  • Copies a RACF database
 RACF database verification utility program (IRRUT200)
IRRUT400
  • Identifies inconsistencies in a RACF database
  • Copies a RACF database
  • Redistributes data between data sets in the RACF database
  • Reorganizes the RACF database
 RACF database split/merge/extend utility program (IRRUT400)
Note: For a summary of RACF utilities described in other areas of the RACF library, see Utilities documented in other documents.
Note:
  1. If you are sharing a database, the templates must match the latest level of code on the sharing systems. Run the IRRMIN00 utility for the latest release to update the database templates.
  2. Run z/OS® Security Server (RACF) utilities only on a z/OS Security Server (RACF) system. Do not use RACF utilities with an earlier release of RACF, and do not run utilities from an earlier release of RACF on your system. The exceptions to this are IRRMIN00 and IRRUT100, which can be run on a lower-level system.
  3. In general, if you are sharing a RACF database between systems at different levels, you can run any of the utilities, except IRRMIN00 and IRRUT400, from any of the sharing systems. For example, if a z/OS V1R5 system is sharing a database with a z/OS V1R6 system, you can run the IRRUT200 utility from either the V1R5 system or the V1R6 system. To get the most functionality, though, run the utility from the latest level system sharing the database. For IRRMIN00 and IRRUT400, always run the latest level of the utility. You can run IRRMIN00 on either the latest level system sharing the database, or on an earlier system using JCL that includes a STEPLIB to an APF-authorized library that contains the latest version of the utility. Run IRRUT400 on the latest level system sharing the database. For restrictions involving the IRRIRA00 utility, see RACF internal reorganization of aliases utility program (IRRIRA00).
  4. A RACF database must not reside in the extended addressing area of DASD volumes. If a RACF database is allocated in the extended addressing area, RACF and its related utilities may not work correctly. To ensure that RACF databases are not allocated in the extended addressing area, the following DD statements for the following RACF utilities must not contain the keyword parameter EATTR unless its value is NO (EATTR=NO):
    • the SYSRACF DD statement for the IRRMIN00 utility
    • the SYSUT1 DD statement for the IRRUT200 utility
    • the OUTDD DD statement for the IRRUT400 utility