z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Refreshing profiles for SETROPTS RACLIST processing

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Any changes made to discrete or generic profiles activated for SETROPTS RACLIST processing become effective only when you issue the SETROPTS command with both the RACLIST and REFRESH operands. You can refresh these profiles if you have the SPECIAL attribute.

To refresh the profiles, issue SETROPTS RACLIST(classname) REFRESH. RACF® refreshes classname and all classes that share the same POSIT value on their class descriptor table (CDT) entries.

Guidelines:
  • Whenever you delete a profile, issue the SETROPTS RACLIST REFRESH command immediately. If you don’t, the profile no longer exists in the database, but the BASE, SESSION and ICSF segment information stored in the data space remains until the refresh is done. The mismatch between the database and the data space can cause unexpected results.
  • If you update only the BASE, SESSION and ICSF segments, you can wait to issue the SETROPTS RACLIST REFRESH command until you want the changes to be active. If you update BASE, SESSION, or ICSF segment information, and other segments, issue the SETROPTS RACLIST REFRESH command immediately. If you do not update the BASE, SESSION, or ICSF segments, and you update other segments, you do not need to issue the SETROPTS RACLIST REFRESH command.
For some classes, selected profile data is kept in storage. Changes to these profiles might not be active until you refresh the in-storage profiles. Issuing a SETROPTS RACLIST REFRESH command after you make changes ensures that profile data is consistent. An example of this type of class is PTKTDATA.

You can also use SETROPTS RACLIST REFRESH to refresh a class RACLISTed by a RACROUTE REQUEST=LIST GLOBAL=YES command. RACF deletes the old data space and loads the discrete and generic profiles for the class into a new data space.

Issuing the SETROPTS RACLIST REFRESH command has no effect on which line of SETROPTS LIST output displays a RACLISTed class. If the class were RACLISTed solely by RACROUTE REQUEST=LIST, ENVIR=CREATE, GLOBAL=YES the class will be listed in the GLOBAL=YES RACLIST ONLY = line. Regardless of whether the class was RACLISTed by that means, if it was RACLISTed by SETR RACLIST classname, the class will be listed only in the SETR RACLIST CLASSES = line.

If the RACGLIST class is active and contains a profile named classname, RACF rebuilds or creates the RACGLIST classname_nnnnn profiles to hold the new contents of the new data space. For more information, see The RACGLIST class and Using RACROUTE REQUEST=LIST,GLOBAL=YES support.

Note that you must issue this command each time you want RACF to perform the refresh process. The following example shows how to activate refreshing of SETROPTS RACLIST processing for the DASDVOL and TERMINAL classes. 
SETROPTS RACLIST(DASDVOL TERMINAL) REFRESH

For information about SETROPTS REFRESH processing on shared systems, see Refreshing shared systems (REFRESH option).

Parent topic: SETROPTS RACLIST processing

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014