How RACF protects your z/OS data

User identification and authentication

Every user in z/OS is identified by a one to eight character user ID. Access to a user ID can be controlled using authentication techniques such as passwords, password phrases, PassTickets, digitial certificates, Kerberos credentials or IBM Multifactor Authentication.

Decentralized security administration

Installations can decentralize their security administration through the use of groups and the assignment of RACF administrative, auditing, and operational attributes to group administrators.

Discretionary and mandatory access controls

Owners of z/OS data can control who has access to the data using discretionary access control mechanisms such as the access control list and universal access (UACC). In addition to discretionary access controls, security administrators can control a user's access to data through the assignment of sensitivity labels (SECLABELs) to users and data objects.

Logging to the systems management facility (SMF)

Security administrators, resource owners, and auditors all have the ability to specify the logging policy that is to be applied. Log records are written to the Systems Management Facility (SMF).

Support for auditing and reviewing security environment

RACF supplies utilities which enable a content review of the security rules contained in the RACF data base as well as the contents of the RACF log records written to SMF. RACF also provides an overall system security report utility.

RACF Remote Sharing Facility (RRSF)

Physically disparate RACF systems can be connected using the RACF Remote Sharing Facility. These installations can share the RACF database beyond normal disk-sharing among z/OS systems to provide a means of keeping RACF databases by using a communications link (either APPC or TCP/IP).

RACF general user's guide

Read the documentation

You may also be interested in

IBM Security zSecure Manager for RACF z/VM

IBM® Security zSecure™ Manager for Resource Access Control Facility (RACF®) z/VM® improves administration efficiency and auditing compliance. It automates functions to help you optimize IT resources, mitigate complexity, improve security and quality of service, demonstrates regulatory compliance and reduces errors and costs in virtual machine environments. Enhance user management and provisioning for the IBM z/VM® environment, while you unleash the potential of your mainframe system—enabling efficient and effective RACF administration using fewer resources.

Learn more

IBM Security zSecure Alert for RACF

Monitors for security threats and delivers near real-time notification

Learn more

IBM Security zSecure CICS Toolkit

IBM® Security zSecure™ Customer Information Control System (CICS®) Toolkit adds mainframe administration capabilities such as password resets and authorization management to the CICS environment. The software provides the flexibility to distribute security authorization management through CICS transactions for use by local administration. The interface shows only those functions and options that have been delegated to your users, allowing you to extend selected, basic administrative privileges to field administrators while still maintaining control over the types of commands distributed users can execute.

Learn more

IBM Security zSecure Command Verifier

Enforce RACF policies to protect mainframe environments

Learn more

IBM Security zSecure Administration

IBM® Security zSecure™ Administration provides you with tools designed to efficiently administer mainframe security using fewer resources. By automating many recurring system administration tasks, zSecure Administration helps reduce costs, maximize IT resources, reduce errors, improve quality of services and deter privileged user abuse. With a graphical Microsoft Windows interface that enriches functionality, this leading security solution identifies potential problems quickly to minimize the risks of security breaches, strengthening the health of your IT system.

Learn more

IBM Security zSecure Admin

Automate and simplify RACF security and compliance administration

Learn more

IBM Security zSecure Alert

Monitor the mainframe for external and internal security threats

Learn more

IBM Security zSecure Adapters for SIEM

IBM® Security zSecure™ Adapters for SIEM formats and sends near real time enriched mainframe System Management Facility (SMF) audit records to SIEM solutions such as IBM QRadar SIEM. SMF audit records are then included in enterprise-wide integrated security information and event management (SIEM), log management, anomaly detection, incident forensics, configuration checking and vulnerability and risk management. Extend protection against advanced threats and integrate mainframe security with optimal security intelligence by implementing zSecure Adapters for SIEM.

Learn more