ADDGROUP |
- Define one or more new groups as a subgroup of an existing group.
- Specify a model data set profile for a group.
- Add a custom field for a group.
- Define default DFP information for a group.
- Define the z/OS UNIX information
for a group.
- Define a group as a universal group.
|
ADDSD |
- RACF-protect one or more existing data sets.
- RACF-define one or more data sets brought from another system
where they were RACF-protected.
- RACF-define generic data set profiles.
- Create a new data set model profile.
|
ADDUSER |
- Define one or more new users and connect the users to their default
connect group.
- Define a password, or a password and password phrase, for one
or more users.
- Specify a model data set profile for a user.
- Add a custom field for a user.
- Specify information related to one or more segments, such as the
TSO and OMVS segments, of the user profile.
|
ALTDSD |
- Change one or more discrete or generic data set profiles.
- Protect a single volume of a multivolume, non-VSAM DASD data set.
- Remove protection from a single volume of a multivolume, non-VSAM
DASD data set.
|
ALTGROUP |
- Change information in one or more group profiles (such as the
superior group, owner, or model profile name).
- Change or delete a custom field for a group.
- Change or delete the default DFP information for a group.
- Add, change, or delete information for the z/OS UNIX group.
|
ALTUSER |
- Change information in one or more user profiles (such as the owner,
universal access authority, or security level).
- Revoke or reestablish one or more users' privileges to access
the system.
- Specify logging of information about the user, such as the commands
the user issues.
- Change the password or password phrase for one or more users.
- Add, change, or delete information related to one or more segments,
such as the TSO and OMVS segments, of the user profile.
|
CONNECT |
- Connect one or more users to a group.
- Modify one or more users' connection to a group.
- Revoke or reestablish one or more users' privileges to access
the system.
|
DELDSD |
- Delete one or more discrete or generic data set profiles.
- Delete a discrete data set profile for a tape data set, while
retaining the data set name in the TVTOC.
- Remove a data set profile, but leave the data set RACF-indicated,
when moving a RACF-protected data set to another system that has RACF.
|
DELGROUP |
- Delete one or more groups and their relationship to the superior
group.
|
DELUSER |
- Delete one or more users and remove all of their connections to RACF groups.
|
DISPLAY |
- Display users signed on to a RACF subsystem.
|
HELP |
- Display the function and proper syntax of RACF commands.
|
LISTDSD |
- List the details of one or more discrete or generic data set profiles,
including the users and groups authorized to access the data sets.
- Determine the most specific matching generic profile for a data
set.
- Perform a local refresh of generic DATASET profiles.
|
LISTGRP |
- List the details of one or more group profiles, including
the users connected to the group.
- List only the information contained in a specific segment (for
example, OMVS or CSDATA) of the group profile.
- Display limited information if the group is a UNIVERSAL group.
|
LISTUSER |
- List the details of one or more user profiles, including all of
the groups to which each user is connected.
- List only the information contained in a specific segment (for
example, OMVS or CSDATA) of the user profile.
|
PASSWORD or PHRASE |
- Change your own user password or password phrase.
- Change one or more users' change interval for passwords and password
phrases.
- Reset one or more user passwords to their default values.
|
PERMIT |
- Give or remove authority to access a resource to specific users
or groups.
- Change the level of access authority to a resource for specific
users or groups.
- Copy the list of authorized users from one resource profile to
another.
- Delete an existing access list.
|
RACDCERT |
- List information about the certificates for a specified RACF-defined
user ID, or your own user ID.
- Add a certificate and associate it with a specified RACF-defined
user ID, or your own user ID, and set the TRUST status.
- Check to see if a certificate has been defined to RACF.
- Alter the TRUST status or label for a certificate.
- Delete a certificate.
- List a certificate contained in a data set and determine if it
is associated with a RACF-defined user ID.
- Add or remove a certificate from a key ring.
- Create, delete, or list a key ring.
- Generate a public/private key pair and certificate, replicate
a digital certificate with a new public/private key pair, or retire
the use of an existing private key.
- Write (export) a certificate or certificate package to a data
set.
- Create a certificate request.
- Create, alter, delete, or list a certificate name filter (user
ID mapping).
- Add, delete, or list a z/OS® PKCS
#11 token.
- Bind a certificate to a z/OS PKCS
#11 token.
- Remove (unbind) a certificate from a z/OS PKCS #11 token.
- Import a certificate (with its private key, if present) from a z/OS PKCS #11 token and add it
to RACF.
|
RACLINK |
- Define, approve, and delete (undefine) a user ID association.
- List information related to a user ID association.
- Establish password synchronization between user IDs.
|
RACMAP |
- Create an association between a distributed user identity and
a RACF user ID.
- Define, delete, list, and query a distributed identity filter.
|
RACPRIV |
- List, activate, and inactivate the user's write-down setting.
- Reset the user's write-down setting to the installation-defined
default.
|
RALTER |
- Change the discrete or generic profiles for one or more resources
whose class is defined in the class descriptor table.
- Define, change, or delete attributes for classes in the dynamic
class descriptor table.
- Maintain the global access checking table.
- Maintain security categories and security levels.
- Define, change, or delete information related to one or more segments
of a general resource profile.
|
RDEFINE |
- RACF-protect by a discrete or generic profile any resource whose
class is defined in the class descriptor table.
- Define attributes for classes in the dynamic class descriptor
table.
- Define entries in the global access checking table.
- Define security categories and security levels.
- Define information related to one or more segments of a general
resource profile.
|
RDELETE |
- Remove RACF-protection from one or more resources whose class
is defined in the class descriptor table.
- Delete the global access checking tables.
- Delete the security category and security level tables.
- Delete a class from the list of classes for which RACF saves RACLISTed results on the RACF database.
|
REMOVE |
- Remove one or more users from a group and assign a new owner for
any group data sets owned by the users.
|
RESTART |
- Restart a function in the RACF subsystem
address space.
- Restart the connection to a specific member system on a multisystem
node.
|
RLIST |
- List the details of discrete or generic profiles for one or more
resources whose class is defined in the class descriptor table.
- List the contents of one or more segments of a general resource
profile.
- Perform a local refresh of generic general resource profiles.
|
RVARY |
- Dynamically deactivate and reactivate the RACF function.
- Dynamically deactivate and reactivate the RACF primary and backup database.
- Switch the primary and backup RACF databases.
- Deactivate resource protection, for any resource whose class is
defined in the class descriptor table, while RACF is deactivated.
- Select operational mode when RACF is enabled for sysplex communication.
|
SEARCH |
- Obtain a list of RACF profile
names that meet the search criteria for a class of, resources, users,
or groups. These profile names can then be displayed on your terminal.
- Profile names that contain a specific character string
- Profiles for resources that have not been referenced for more
than a specific number of days
- Profiles that RACF recognizes
as model profiles
- Data set and general resource profiles that contain a level equal
to or greater than the level you specify
- User and resource profiles that contain a security label that
matches the security label you specify.
- User and resource profiles that contain a security level that
matches the security level that you specify
- User and resource profiles that contain an access category that
matches the access category that you specify.
- User profiles that contain an OMVS UID equal to the UID you specify.
- Group profiles that contain an OMVS GID equal to the GID you specify.
- Profiles for tape volumes that contain only data sets with an
expiration date that matches the criteria you specify.
- Profiles for data sets that reside on specific volumes (or VSAM
data sets that are cataloged in catalogs on specific volumes).
- Profiles for tape data sets, non-VSAM DASD data sets, or VSAM
data sets.
- Format the selected profile names with specific character strings
into a series of commands or messages and retain them in a CLIST data
set.
- Create a CLIST of the RACF profile
names that meet a search criteria for a class of resources.
|
SET |
- List information related to RACF remote sharing facility (RRSF) on the
local node.
- List the value for the template version following the FMID/APAR
value.
- Specify the name of a member of the RACF parameter
library to be processed by RACF.
- Enable and disable tracing for specified events.
- Specify options for automatic command direction.
- Improve performance of generic profiles by specifying GENERICANCHOR
options.
|
SETROPTS |
Dynamically set system-wide options relating to resource protection,
specifically: - Choose the resource classes that RACF is
to protect.
- Gather and display RACF statistics.
- Set the universal access authority (UACC) for terminals.
- Specify logging of certain RACF commands
and events.
- Permit list-of-groups access checking.
- Display options currently in effect.
- Enable or disable generic profile checking on a class-by-class
basis.
- Control user password syntax rules.
- Activate checking for previous passwords and password phrases.
- Limit unsuccessful attempts to access the system using incorrect
passwords and password phrases.
- Control maximum and minimum change intervals for passwords and
password phrases.
- Control mixed-case passwords.
- Warn of password expiration.
- Control global access checking for selected individual resources
or generic names with selected generalized access rules.
- Set the passwords for authorizing use of the RVARY command.
- Initiate® refreshing
of in-storage generic profile lists and global access checking tables.
- Enable or disable shared generic profiles for general resources
in common storage.
- Enable or disable shared profiles through RACLIST processing for
general resources.
- Activate or deactivate auditing of access attempts to RACF-protected
resources based on installation-defined security levels.
- Activate enhanced generic naming.
- Control the use of automatic data set protection (ADSP).
- Activate profile modeling for GDG, group, and user data sets.
- Activate protection for data sets with single-level names.
- Control logging of real data set names.
- Control the job entry subsystem (JES) options.
- Activate tape data set protection.
- Control whether or not data sets must be RACF-protected.
- Control the erasure of scratched DASD data sets.
- Activate program control.
- Control whether a profile creator's user ID is automatically added
to the profile's access list.
- Make the name of the local RACF registry
available to EIM services.
- Control use of the dynamic class descriptor table.
- Control multilevel security options.
|
SIGNOFF |
- Sign off users from a RACF subsystem.
|
STOP |
- Stop the RACF subsystem
address space.
|
TARGET |
- List the operational and network protocol attributes of one or
more RRSF nodes.
- Add or modify an RRSF node.
- Convert a remote RRSF node from one network protocol to another.
- Add a network protocol or modify protocol attributes for an RRSF
node.
- Activate or inactivate an RRSF node or a protocol instance for
an RRSF node.
- Specify a prefix and other attributes for the workspace data sets
allocated and used by each RRSF node.
- Purge a workspace data set for an RRSF node.
- Delete an RRSF node or a protocol instance for an RRSF node.
|