Abstract for z/VM: RACF Security Server Diagnosis Guide

This topic collection contains information about diagnosing problems that are related to the IBM® RACF® Security Server for z/VM®.

Though this information is specific to z/VM, there are references to z/OS®. These references are applicable only when sharing a RACF database with a z/OS system, Start of changewhich is supported only on z/VM 7.2 and earlier versions.End of change

Intended audience

Thisinformation is for anyone who diagnoses problems that appear to be caused by RACF and for RACF system programmers who intend to use the BLKUPD command to correct problems in the RACF database.

This information assumes that you:
  • Understand basic system concepts and the use of system services
  • Write assembler language programs and read assembler and linkage editor output
  • Understand the commonly-used diagnostic tasks and aids, such as message logs, system dumps, and the Dump Viewing Facility
  • Understand RACF.
Before using this information, collect the following problem data:
  • The problem type, such as an abend
  • An indication that the problem was caused by RACF.

If you do not have this data, see your system diagnosis guide and perform its procedures.

Use this information to diagnose problems in RACF only. If the problem is not caused by RACF, return to your system diagnosis guide to identify the failing component or program product.

Use this information to diagnose problems in RACF as follows:

  1. Identify the problem type.
  2. Collect problem data.
  3. Analyze the problem data to develop symptoms.
  4. Develop search arguments, search problem-reporting databases, and request the problem fix if the problem has been reported before. If not, continue diagnosis.
  5. Collect additional problem data.
  6. Analyze the problem data to isolate the problem.
  7. Report the problem to IBM if assistance is needed or if the problem is new.
The following flowchart illustrates the possible paths to be taken during problem analysis while using this information.
ichb2ig1

Planning for Problem Diagnosis

Before using RACF, consider making the following preparations for diagnosis.
  • Properly install and operate of RACF so that you get adequate problem data (such as messages and dumps) when problems occur.
  • Perform timely and complete backups of the RACF database.
  • Have access to a RACF user with the SPECIAL attribute.
  • Reserve a RACF user ID with the SPECIAL attribute for use only after logon problems are resolved.

    For example, if all users logging on are, through an error, revoked when logging on, then the system security administrator could also be revoked when logging on. After the problem is corrected, the system security administrator could then log on with the user ID that is still active and activate the other user IDs.

  • Prepare to use the following debugging techniques:
    • Obtain messages that have been sent to the system console or the security console
    • Check the console log of the RACF service machines.
  • Prevent common problems by using RACF macros and utilities. See the recommendations in Common Usage Problems with RACF Macros and Utilities.
  • Correct any problems that were caused while using RACF profiles and options. See z/VM: RACF Security Server Security Administrator's Guide for more information.