z/OS Security Server RACF Command Language Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACF operator commands

z/OS Security Server RACF Command Language Reference
SA23-2292-00

The RACF® operator commands allow you to perform RACF functions from an operator console. For a complete list of the RACF commands that can be entered as RACF operator commands, see Table 1.
Note: Use of these commands requires that the RACF subsystem has been started. If the RACF subsystem has not been started at your installation, contact your system programmer.
These commands allow an MVS operator to perform certain RACF operations in the RACF subsystem. The RACF subsystem prefix in front of the command identifies the RACF subsystem as the processing environment. Some things to remember:
  • RACF operator commands require an MVS environment with the RACF subsystem active.
  • The DISPLAY and SIGNOFF commands require APPC/MVS and persistent verification.
  • If a command can be issued as both a RACF TSO command or a RACF operator command:
    • RACF first checks that the issuer is defined to RACF and if not, an error message is issued.

      If you are defined to RACF, RACF verifies that you have sufficient authority to the proper resource in the OPERCMDS class to determine if you have authority to issue the command as an operator command. See z/OS Security Server RACF Security Administrator's Guide for further information.

      If the OPERCMDS class is not active, or if no OPERCMDS profile exists, then the user is allowed to issue the command as a RACF operator command.

    • You must to be logged on to the console to issue the command as a RACF operator command.
    Note: The RVARY command is the exception, because it can be issued as both a RACF TSO command and an RACF operator command but does not have to fit these circumstances.
  • If a command can be issued as a RACF operator command, but not as a RACF TSO command:
    • RACF first checks to see if you have OPERCMDS authority. If the user is logged on to the console, the OPERCMDS class is active, and a OPERCMDS profile exists, you have OPERCMDS authority.
    • If you are not logged on to the console, the OPERCMDS class is inactive, or no OPERCMDS profile exists, you can only issue the command from the master console or a console with system authority.
      Note: The DISPLAY command is the exception, because it can be issued under these circumstances without any particular console authority.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014