z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Sysplex considerations for the dynamic CDT

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can use the dynamic CDT in a sysplex environment where some systems are not using the dynamic CDT.

When RACF® is enabled for sysplex communications, RACF propagates the following commands to the rest of the sysplex.
  • SETROPTS RACLIST(CDT)
  • SETROPTS RACLIST(CDT) REFRESH
  • SETROPTS NORACLIST(CDT)
This propagation simplifies security management for resource classes in the dynamic CDT.

When RACF is enabled for sysplex communications, RACF propagates the commands listed above to the members of the data-sharing group even when the command fails on the system where it was issued. If the command fails on any of the member systems, RACF does not back out or undo the command execution from the member systems where the command did not fail. This allows you to use the dynamic CDT in a sysplex environment where some systems are downlevel or are not using the dynamic CDT.

When you move a static class to the dynamic CDT in a sysplex environment and the static class is defined with different options on various systems, you will receive different warning messages on each system. Examine the message log on each peer system when you execute the SETROPTS RACLIST(CDT) REFRESH command to ensure that each execution completed as expected.

Parent topic: Administering the dynamic class descriptor table (CDT)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014