Once a peer user ID association is established, either user in the association can use the AT option to direct allowed RACF® commands to run under the other user's authority. The commands run in the RACF subsystem address space at the other user's node.

The user specifies as the target node a node in an association and a node the user is allowed to direct to via RRSFDATA profiles. Commands can be directed only to a node with which the user has a RACLINK association. In addition, the user must have access to the DIRECT.nodename profile. If this is not true, the command cannot be directed unless the commands can be directed to your own ID on the local node only without any RACLINK association.

The target user ID specified in the AT option becomes the user ID that RRSF uses to determine if the requested command can be executed. That is, the user ID effectively becomes the command issuer at the target node and RRSF checks to see if that user ID has the proper authority to run the requested command.

When the command arrives, RRSF creates a subtask in the RACF subsystem address space for the specified user ID and performs authority checking while processing the requested command.

RACF TSO commands that specify command direction run asynchronously, that is, the command issuer does not wait until the command completes processing, and the command output is not automatically displayed at the command issuer's terminal. When the command completes processing, the command issuer might receive a TSO SEND message.

Any command output created via the PUTLINE service is captured by RRSF and saved in the issuing user's RRSFLIST data set.