RACF facilities

CICS® uses a number of RACF® facilities in order to protect its resources.

RACF provides the following facilities:
  • The necessary functions to record information identifying individual users of system resources, and information identifying the resources that require protection. The information you define to RACF about users and resources is stored in user and resource profiles.
  • The facilities to define which users, or groups of users, are either permitted access, or excluded from access, to the resources for which profiles have been defined. The information recording the users, or groups of users, permitted to access any particular resource is held in an access list within the profile that protects a resource.
  • A method to process requests, issued by subsystems or jobs running in an MVS™ system, to authenticate the identity of users defined to RACF, and to check their access authorization to resources.
  • The facilities for logging security-related events, such as users signing on and signing off, the issuing of RACF commands, and attempts to access protected resources. Successful attempts to access protected resources may be recorded by the MVS System Management Facility (SMF). If you want to record all attempts to access protected resources, whether successful or not, use RACF auditing, as described in the z/OS Security Server RACF Auditor's Guide . The RACF auditor can run the RACF report writer to generate reports based on the SMF records. For more information on logging RACF audit messages to SMF, see Logging RACF audit messages to SMF.

    For information on using RACF to perform auditing functions (specifying auditing operands on RACF commands, and using the RACF report writer to generate reports of audited security-related activity), see the z/OS Security Server RACF Auditor's Guide .