Guarding against data corruption resulting from incorrect database sharing

When operating RACF® in data sharing mode, a coupling facility is used to cache recently accessed RACF data, and access is serialized to that data to ensure its validity. Corruption will occur when a database is used in data sharing mode, but some system that is not using the coupling facility is also accessing the database. For this reason, if any system is using the database in data sharing mode, then all systems accessing the database must be in the same sysplex and must use the database in data sharing mode.

If a database is being used in data sharing mode and an individual system accesses the same database in non-data sharing mode, data corruption will occur because the coupling facility will not be made aware of any updates made by the system that is in non-data sharing mode.
If a database is in data sharing mode and systems in another sysplex attempt to access the same database, data corruption will occur regardless of the data access mode of the other sysplex. This is because a coupling facility can only span one sysplex.

To help guard against data corruption resulting from incorrect database sharing, systems running z/OS® V1R10 or higher use profiles to track how the RACF database has been accessed. These profiles are named IRRPLEX_sysplex-name and are in the GXFACILI class. The APPLDATA field of an IRRPLEX_sysplex-name profile identifies the data access mode as either "DATA SHARING MODE" or "NON-DATA SHARING MODE". When you IPL a system, use the RVARY ACTIVE command to activate a database, or use the RVARY DATASHARE command to enter data sharing mode, these profiles help the system detect, and notify the system operator, if there are indications that a database is about to be used in a way that risks data corruption. WTOR messages enable the system operator to judge if the system is indeed about to use the database in a way that would cause data corruption, and can cancel the operation to avoid this.

If no IRRPLEX_sysplex-name profile exists for a sysplex at IPL time, the system creates one. The system will determine the initial mode (data sharing mode or non-data sharing mode) of the sysplex using the data sharing bits of the data set name table. Because IRRPLEX_sysplex-name profiles are created automatically during the first IPL of a z/OS V1R10 or higher system, you do not need to manually create them. However, by manually creating IRRPLEX_sysplex-name profiles, you can improve the ability of the system to warn the system operator about potential corruption.

Whether created automatically by the system at IPL time or created manually to improve to efficiency of the database corruption checks, when the data sharing mode of the sysplex is changed by the RVARY command, the system will update the IRRPLEX_sysplex-name profile to reflect this.

If you are using the RACF remote sharing facility (RRSF), keep in mind that changes to IRRPLEX_sysplex-name profiles in the GXFACILI class should not be propagated to remote nodes. When the system creates or modifies an IRRPLEX_sysplex-name profile (at IPL-time or as a result of the mode being changed by the RVARY command), its actions are not propagated to remote nodes even if automatic direction of application updates is active. If you are manually creating or modifying an IRRPLEX_sysplex-name profile (using the RDEFINE, RALTER, and RDELETE commands), and automatic command direction is active for the GXFACILI class, be sure to use the ONLYAT keyword on the command to prevent the changes being propagated to other nodes.