How RACF protects your z/OS data

User identification and authentication

Every user in z/OS is identified by a one to eight character user ID. Access to a user ID can be controlled using authentication techniques such as passwords, password phrases, PassTickets, digitial certificates, Kerberos credentials or IBM Multifactor Authentication.

Decentralized security administration

Installations can decentralize their security administration through the use of groups and the assignment of RACF administrative, auditing, and operational attributes to group administrators.

Discretionary and mandatory access controls

Owners of z/OS data can control who has access to the data using discretionary access control mechanisms such as the access control list and universal access (UACC). In addition to discretionary access controls, security administrators can control a user's access to data through the assignment of sensitivity labels (SECLABELs) to users and data objects.

Logging to the systems management facility (SMF)

Security administrators, resource owners, and auditors all have the ability to specify the logging policy that is to be applied. Log records are written to the Systems Management Facility (SMF).

Support for auditing and reviewing security environment

RACF supplies utilities which enable a content review of the security rules contained in the RACF data base as well as the contents of the RACF log records written to SMF. RACF also provides an overall system security report utility.

RACF Remote Sharing Facility (RRSF)

Physically disparate RACF systems can be connected using the RACF Remote Sharing Facility. These installations can share the RACF database beyond normal disk-sharing among z/OS systems to provide a means of keeping RACF databases by using a communications link (either APPC or TCP/IP).

RACF general user's guide

Read the documentation

You may also be interested in

IBM Security zSecure Manager for RACF z/VM

Improve RACF z/VM administration, auditing and compliance reporting

Learn more

IBM Security zSecure Alert for RACF

Monitors for security threats and delivers near real-time notification

Learn more

IBM Security zSecure CICS Toolkit

Add mainframe security administration capability to CICS environments

Learn more

IBM Security zSecure Command Verifier

Enforce RACF policies to protect mainframe environments

Learn more

IBM Security zSecure Administration

Optimize mainframe security and simplify administrative tasks

Learn more

IBM Security zSecure Admin

Automate and simplify RACF security and compliance administration

Learn more

IBM Security zSecure Alert

Monitor the mainframe for external and internal security threats

Learn more

IBM Security zSecure Audit

Measure and verify effectiveness of mainframe security policies

Learn more

IBM Security zSecure Adapters for SIEM

Automates and integrates event analysis and compliance monitoring

Learn more

Expert resources to help you succeed

Product documentation

Find answers quickly in IBM product documentation.

IBM Redbooks

Complimentary, step-by-step guides for download and mobile.