z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling envelope retrieval

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Only applications running in system key or supervisor state can use the R_admin callable service (IRRSEQ00) to retrieve envelopes. In addition, applications must have access to the appropriate resource in the FACILITY class.

The following resources in the FACILITY class control the retrieval of envelopes from RACF® by applications invoking the R_admin callable service (IRRSEQ00).

Resource name Controls retrieval of …
IRR.RADMIN.EXTRACT.PWENV Only password envelopes
IRR.RADMIN.EXTRACT.PPENV Only password phrase envelopes
IRR.RADMIN.EXTRACT.* Both password and password phrase envelopes
You can set the audit options for these resources to log successes, and thus maintain a history of whose passwords and password phrases are retrieved, and by whom. Failures can also be logged. (The log string identifies the user whose password or password phrase was retrieved.)
Parent topic: Overview of enveloping

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014