z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Summary of rules for automatic direction of application updates

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

  1. When automatic direction of application updates is active, RACF® automatically directs selected application updates made by the following commands and macros to selected remote nodes:
    • ICHEINTY ADD, ALTER, DELETE, DELETEA, and RENAME requests
    • The RACDCERT command
    • The RACMAP command
    • RACDEF
    • RACROUTE REQUEST=DEFINE
    • RACROUTE REQUEST=EXTRACT,TYPE=REPLACE
    • RACXTRT specifying TYPE=REPLACE
  2. If profiles on two or more RRSF nodes are already synchronized, you can use automatic direction of application updates to keep the profiles synchronized with respect to application updates.
  3. RACF directs an application update only after the update has successfully completed on the node where the application is executing.
  4. Not all RACROUTE REQUEST=DEFINE and RACDEF requests update the RACF database, and RACF does not automatically direct requests that do not update the database. RACROUTE REQUEST=DEFINE and RACDEF are not automatically directed if:
    • ENVIR=VERIFY is specified
    • RACFIND=NO is specified and DSTYPE=T is not specified
  5. RACROUTE REQUEST=VERIFY and RACINIT update the RACF database by issuing ICHEINTY macros. RACF automatically directs the following ICHEINTY requests made by RACROUTE REQUEST=VERIFY and RACINIT:
    • The ICHEINTY setting the revoke flag in the user profile when a user is being revoked due to inactivity or password attempts that are not valid
    • The ICHEINTY that increments the revoke count when a user enters a password that is not valid
    • The ICHEINTY that resets the revoke count to 0 when a user enters a valid password, if the revoke count for the user was nonzero before the update was made
  6. Automatic direction of the ICHEINTY that RACROUTE REQUEST=VERIFY issues to change the password in the user's profile is controlled by automatic password direction, and not by automatic direction of application updates.
  7. When a RACROUTE REQUEST=DEFINE, or a RACDEF, issues an ICHEINTY, RACF does not direct the ICHEINTY separately.
  8. Automatic command direction determines whether a RACF command is directed. If a command issues a RACROUTE or ICHEINTY, that RACROUTE or ICHEINTY is not directed by automatic direction of application updates.
  9. Use the AUTOAPPL and NOAUTOAPPL options on the RACF SET command to activate and deactivate automatic direction of application updates. Use the OUTPUT and NOTIFY values of SET AUTOAPPL to specify which users will be notified of results and receive output from automatically directed application updates.
  10. Profiles in the RRSFDATA class control which application updates are automatically directed to which nodes.
Parent topic: Using automatic direction of application updates

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014