How RACF protects your z/OS data

User identification and authentication

Every user in z/OS is identified by a one to eight character user ID. Access to a user ID can be controlled using authentication techniques such as passwords, password phrases, PassTickets, digitial certificates, Kerberos credentials or IBM Multifactor Authentication.

Decentralized security administration

Installations can decentralize their security administration through the use of groups and the assignment of RACF administrative, auditing, and operational attributes to group administrators.

Discretionary and mandatory access controls

Owners of z/OS data can control who has access to the data using discretionary access control mechanisms such as the access control list and universal access (UACC). In addition to discretionary access controls, security administrators can control a user's access to data through the assignment of sensitivity labels (SECLABELs) to users and data objects.

Logging to the systems management facility (SMF)

Security administrators, resource owners, and auditors all have the ability to specify the logging policy that is to be applied. Log records are written to the Systems Management Facility (SMF).

Support for auditing and reviewing security environment

RACF supplies utilities which enable a content review of the security rules contained in the RACF data base as well as the contents of the RACF log records written to SMF. RACF also provides an overall system security report utility.

RACF Remote Sharing Facility (RRSF)

Physically disparate RACF systems can be connected using the RACF Remote Sharing Facility. These installations can share the RACF database beyond normal disk-sharing among z/OS systems to provide a means of keeping RACF databases by using a communications link (either APPC or TCP/IP).

RACF general user's guide

Read the documentation

You may also be interested in

IBM Security zSecure Manager for RACF z/VM

IBM® Security zSecure™ Manager for Resource Access Control Facility (RACF®) z/VM® improves administration efficiency and auditing compliance. It automates functions to help you optimize IT resources, mitigate complexity, improve security and quality of service, demonstrates regulatory compliance and reduces errors and costs in virtual machine environments. Enhance user management and provisioning for the IBM z/VM® environment, while you unleash the potential of your mainframe system—enabling efficient and effective RACF administration using fewer resources.

Learn more

IBM Security zSecure Alert for RACF

Monitors for security threats and delivers near real-time notification

Learn more

IBM Security zSecure CICS Toolkit

IBM® Security zSecure™ Customer Information Control System (CICS®) Toolkit adds mainframe administration capabilities such as password resets and authorization management to the CICS environment. The software provides the flexibility to distribute security authorization management through CICS transactions for use by local administration. The interface shows only those functions and options that have been delegated to your users, allowing you to extend selected, basic administrative privileges to field administrators while still maintaining control over the types of commands distributed users can execute.

Learn more

IBM Security zSecure Command Verifier

IBM® Security zSecure™ Command Verifier provides an additional security layer that enables you to compare each IBM Resource Access Control Facility (RACF®) command to your security policies prior to processing. Prevent security changes that can reduce the availability and compliance of systems and cause security database pollution, policy violations and security vulnerabilities. Take control of RACF commands to provide the continuous security and compliance of your RACF environment.

Learn more

IBM Security zSecure Admin

IBM® Security zSecure™ Admin automates and simplifies IBM Resource Access Control Facility (RACF®) security and compliance administration tasks and enhances RACF delegation capabilities and identity governance. By automating many recurring system administration functions and enhancing the native RACF authorization and delegation capabilities, zSecure Admin helps you maximize IT resources, reduce errors, increase efficiency, improve service quality and identify problems quickly to help minimize security risks and demonstrate compliance.

Learn more

IBM Security zSecure Alert

IBM® Security zSecure™ Alert helps you establish mainframe monitoring as part of your enterprise threat monitoring approach, monitoring for internal and external threats and improper configurations. zSecure Alert provides responsive incident management and streamlines audit efforts to reduce security housekeeping on the mainframe, enhance your system availability and supplement access controls. With automated real-time compliance monitoring on the mainframe, it helps reduce your cost and exposure.

Learn more

IBM Security zSecure Audit

IBM® Security zSecure™ Audit measures and verifies the effectiveness of mainframe security policies for IBM Resource Access Control Facility (RACF®), CA-ACF2 and CA Top Secret Security. zSecure Audit generates reports to quickly locate problems associated with a particular resource — such as an unprotected data set — to provide vulnerability analysis of your mainframe infrastructure. It also provides a compliance framework for testing against industry regulations. As a result, you can reduce errors and improve overall quality of service.

Learn more

Expert resources to help you succeed

Product documentation

Find answers quickly in IBM product documentation.

IBM Redbooks

Complimentary, step-by-step guides for download and mobile.