Authorized applications, such as servers, that invoke the R_datalib callable service (IRRSDL00 or IRRSDL64) can extract private keys and manage certificate serial numbers. You authorize these applications for these functions by administering the same FACILITY class resources checked by the RACDCERT command. See Controlling the use of the RACDCERT command.

Authorized applications can also use R_datalib callable service to create key rings (except virtual key rings) and populate them by connecting certificates. For authorization details about all functions of R_datalib, see "RACF® Authorization" for R_datalib (IRRSDL00 or IRRSDL64) in z/OS Security Server RACF Callable Services.