Choosing between using RACF TSO commands and ISPF panels
In general, you can perform the same RACF® functions using RACF TSO commands and ISPF panels.
The RACF TSO commands provide the
following advantages:
- Entering commands can be faster than displaying many panels in sequence.
- Using commands from the documented examples is more straightforward. (The examples in the RACF documents are generally command examples.)
- Getting online help for RACF TSO
commands You can get online help for the RACF TSO commands documented in z/OS Security Server RACF Command Language Reference.
- To see online help for the PERMIT command, for example, enter:
HELP PERMIT - To limit the information displayed, specify operands on the HELP
command. For example, to see only the syntax of the PERMIT command,
enter:
HELP PERMIT SYNTAX
Restriction: TSO online help is not available when RACF commands are entered as RACF operator commands.
- To see online help for the PERMIT command, for example, enter:
- Getting message ID information If a RACF TSO command fails, you receive a message. If you do not get a message ID, enter:
Reenter the RACF TSO command that failed. The message appears with the message ID. See z/OS Security Server RACF Messages and Codes for help if the message ID starts with ICH or IRR.PROFILE MSGIDRestriction: PROFILE MSGID cannot be entered as a RACF operator command.
The ISPF panels provide the following advantages:
- When you use the panels, you avoid having to memorize a command and type it correctly. Panels can be especially useful if the command is complex or you perform a task infrequently.
- ISPF creates in the ISPF log a summary record of the work that you do. Unless you use the TSO session manager, the RACF commands do not create such a record.
- From the panels, you can press the HELP key to display brief descriptions of the fields on the panels.
- The options chosen when installing the RACF panels determine whether output (for example, profile listings, search results, and RACF options) is displayed in a scrollable form.
- The ISPF panels for working with password rules allow you to enter all of the password rules on one panel. Figure 1 shows one of these panels.
- When you use the ISPF panels to update a custom field definition in the CFDEF segment, the current values are displayed. You can then overtype the values to make changes.
- When you use the ISPF panels to add, update, or delete custom field information (CSDATA segment fields) in a user or group profile, the panels are primed with the custom field names and values. You can then make additions, changes, and deletions.
Limitations: The following limitations apply to the use
of the ISPF panels:
- The ISPF panels do not support all options of all commands. For example, the SETROPTS PASSWORD option to activate and deactivate mixed-case password support is not available through the RACF panels.
- The ISPF RACF panels are
limited to 32000 lines of command output. If the output listing for
a command (most commonly, the RLIST command) exceeds 32000 lines,
the output is truncated at the 32000 line limit and an error is likely
to occur. To avoid this limitation, use one of the following alternate
methods:
- Issue the command using a batch execution of the terminal monitor program (TMP) and use the SDSF XD command to store the output in a data set.
- Create a report using output from the RACF database unload (IRRDBU00) utility.
Figure 1. Sample
ISPF panel for RACF
RACF - SET PASSWORD FORMAT RULES
COMMAND ===>
Enter PASSWORD FORMAT RULES:
MINIMUM MAXIMUM
LENGTH LENGTH FORMAT
RULE 1: __ __ ________
RULE 2: __ __ ________
RULE 3: __ __ ________
RULE 4: __ __ ________
RULE 5: __ __ ________
RULE 6: __ __ ________
RULE 7: __ __ ________
RULE 8: __ __ ________
To cancel an existing rule, enter NO for MINIMUM LENGTH.
To specify FORMAT, use the following codes for each character position:
* = Any Character $ = National V = Vowel N = Numeric
C = Consonant A = Alphabetic v = Mixed Vowel m = Mixed Numeric
c = Mixed Consonant L = Alphanumeric W = No Vowel