Technical

The following questions provide technical orientation.

  1. What RACF® exit routines are used, and what functions do they perform? The following list identifies the exits. You can use the DSMON reports to answer this particular question.
    • Exit Routine
      Function
      ICHDEX01
      password authentication
      ICHDEX11
      password authentication
      ICHRIX01
      RACROUTE REQUEST=VERIFY preprocessing
      ICHRIX02
      RACROUTE REQUEST=VERIFY postprocessing
      ICHRCX01
      RACROUTE REQUEST=AUTH preprocessing
      ICHRCX02
      RACROUTE REQUEST=AUTH postprocessing
      ICHRDX01
      RACROUTE REQUEST=DEFINE preprocessing
      ICHRDX02
      RACROUTE REQUEST=DEFINE postprocessing
      ICHCCX00
      command preprocessing
      ICHCNX00
      command preprocessing
      ICHRFX01
      RACROUTE REQUEST=FASTAUTH preprocessing
      ICHRFX02
      RACROUTE REQUEST=FASTAUTH postprocessing
      ICHRFX03
      RACROUTE REQUEST=FASTAUTH preprocessing
      ICHRFX04
      RACROUTE REQUEST=FASTAUTH postprocessing
      ICHPWX01
      new password
      ICHPWX11
      new password phrase
      ICHRLX01
      RACROUTE REQUEST=LIST pre/postprocessing
      ICHRLX02
      RACROUTE REQUEST=LIST selection
      ICHRSMFE
      report writer
      IRRACX01
      ACEE compression and expansion
      IRRACX02
      ACEE compression and expansion
      IRREVX01
      command pre/postprocessing
      IRRVAF01
      custom field validation exit
  2. How are the exit routine functions and changes authorized and controlled?
  3. Who is allowed to update exit routine code (both source and load form)?
  4. What SETROPTS options are used? Are any important protection or monitoring functions set off?
  5. Have basic RACF facilities been enhanced, excluding exit routine code?
  6. How many primary RACF databases are there? You can use the DSMON reports to answer this particular question.
  7. Does each primary RACF database have a backup on a different volume? You can use the DSMON reports to answer this particular question.
  8. What other backup facilities exist for RACF databases?
  9. How is the RACF database synchronized after a restore?
  10. Are all RACF databases adequately protected, and who has access to them? You can use the DSMON reports to answer this particular question.
  11. How does the installation control the switching and deactivating of the RACF databases (RVARY command, IPL/database name table)?
  12. Are any special checks required on the use of PERMIT?
  13. How are passwords and password phrases protected against disclosure when batch jobs are submitted through internal readers?
  14. How are restores of entire volumes handled? How are synchronization problems between volumes and the RACF databases resolved?
  15. What are the RACF class names as defined in the class descriptor table? What are the UACCs associated with these names? Can OPERATIONS users access the resources by default? You can use the DSMON reports to answer this particular question.
  16. Is there a global access table, and what resources are specified in the table? You can use the DSMON reports to answer this particular question.
  17. What is in the started procedures table (ICHRIN03), and is the authority of the associated user IDs appropriate? You can use the DSMON reports to answer this particular question.
Parent topic: RACF implementation