z/OS UNIX System Services Planning


Fastpath support for System Authorization Facility (SAF)

GA32-0884-00

System Authorization Facility (SAF) provides a system interface that conditionally directs control to RACF® or any other security product when a request is received from a resource manager. To improve the performance of security checking done for z/OS® UNIX, define the BPX.SAFFASTPATH FACILITY class profile. Defining the profile reduces overhead when doing z/OS UNIX security checks for a wide variety of operations. These checks include file access checking, IPC access checking, and process ownership checking.

When the BPX.SAFFASTPATH FACILITY class profile is defined, the security product is not called if z/OS UNIX can quickly determine that file access will be successful. When the security product is bypassed, better performance is achieved, but the audit trail of successful accesses is eliminated.

If the security product is called, it is still possible that access will be successful, and that audit records will be created; for example, when the permission bits do not grant access, but UNIXPRIV authority, or an access control list, does.

Be aware that auditing successful accesses can generate an enormous number of audit records, particularly for directory searches.
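The audit trade-off described above, as an added Python model that is not IBM code or part of the original page. It assumes the "quick" determination is the permission-bit check and reduces the ACL and UNIXPRIV authority to a dictionary and a flag; `FileObj`, `bits_grant` and `check_access` are hypothetical names.

```python
from dataclasses import dataclass, field

@dataclass
class FileObj:
    owner_uid: int
    owner_gid: int
    mode: int                                  # permission bits, e.g. 0o640
    acl: dict = field(default_factory=dict)    # uid -> rwx mask (simplified ACL)

def bits_grant(uid, gids, f, want):
    """Owner/group/other check; want is an rwx mask (4=r, 2=w, 1=x)."""
    if uid == f.owner_uid:
        perms = (f.mode >> 6) & 7
    elif f.owner_gid in gids:
        perms = (f.mode >> 3) & 7
    else:
        perms = f.mode & 7
    return (perms & want) == want

def check_access(uid, gids, f, want, fastpath, audit_success, unixpriv=False):
    """Return (granted, product_called, audit_records) for one request."""
    if fastpath and bits_grant(uid, gids, f, want):
        # Modelled fastpath: security product bypassed, so no record can exist.
        return True, False, []
    # Security product is called: permission bits, then UNIXPRIV or ACL.
    granted = (bits_grant(uid, gids, f, want) or unixpriv
               or (f.acl.get(uid, 0) & want) == want)
    records = []
    if granted and audit_success:
        records.append(f"SUCCESS uid={uid} want={want}")
    elif not granted:
        records.append(f"FAILURE uid={uid} want={want}")  # assumed: failures audited
    return granted, True, records

def demo():
    """Constructed sample: one file, three users, fastpath off and on."""
    f = FileObj(owner_uid=100, owner_gid=10, mode=0o640, acl={300: 4})
    rows = []
    for fastpath in (False, True):
        for uid, gids in ((100, {10}), (300, {30}), (400, {40})):
            rows.append((fastpath, uid) + check_access(uid, gids, f, 4, fastpath, True))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the model, the owner's read is the only request whose success record disappears when the fastpath is on; the ACL-granted and denied requests still reach the security product.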





Copyright IBM Corporation 1990, 2014