z/OS UNIX System Services Planning


Protecting data

GA32-0884-00

Local files and directories are protected by RACF® security rules. You can use permission bits to control access; access control lists (ACLs) can also be used in conjunction with permission bits. For more information, see Using access control lists (ACLs).

Permission bit information is stored in the file security packet (FSP) within each file and directory. (ACLs can also be stored with the file.) For a directory, permission bits let you specify read, write, or search authority. For a file, they let you specify read, write, or execute authority. Because there are three sets of bits, separate authorities can be specified for the owner of the file or directory, the owning group, and everyone else (comparable to RACF's universal access authority, or UACC). The owner is represented by a UID. The owning group is represented by a GID. Access checking compares the user's UID and GID to the ones stored in the FSP.
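
The following Python sketch is an added example, not IBM or RACF code; it models only the permission-bit comparison described above. The `FSP` class, its field names, and the sample UIDs and GIDs are constructed for illustration, and the model assumes the conventional first-match order (owner, then owning group, then everyone else), no ACL on the file, and no superuser handling or auditing.

```python
from dataclasses import dataclass

READ, WRITE, EXEC_OR_SEARCH = 4, 2, 1   # bits within one 3-bit set

@dataclass(frozen=True)
class FSP:
    """Hypothetical, simplified stand-in for a file security packet."""
    owner_uid: int
    owner_gid: int
    mode: int   # nine permission bits, e.g. 0o750

def select_class(fsp, uid, gids):
    """Choose which one of the three bit sets applies to the caller."""
    if uid == fsp.owner_uid:
        return "owner"
    if fsp.owner_gid in gids:
        return "group"
    return "other"

def check_access(fsp, uid, gids, requested):
    """Return (allowed, class_used); only the selected bit set is consulted."""
    cls = select_class(fsp, uid, gids)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    granted = (fsp.mode >> shift) & 0o7
    return (granted & requested) == requested, cls

def run_samples():
    """Constructed cases: (mode, uid, gids, requested) -> decision."""
    owner_uid, owner_gid = 1001, 200          # constructed sample IDs
    cases = [
        (0o750, 1001, {200}, WRITE),                  # owner writes
        (0o750, 1002, {200}, WRITE),                  # group member writes
        (0o750, 1002, {200}, READ | EXEC_OR_SEARCH),  # group member reads/searches
        (0o750, 1003, {300}, READ),                   # everyone else reads
        (0o070, 1001, {200}, READ),                   # owner bits empty, group bits full
    ]
    return [check_access(FSP(owner_uid, owner_gid, mode), uid, gids, req)
            for mode, uid, gids, req in cases]

if __name__ == "__main__":
    for allowed, cls in run_samples():
        print(f"{cls:5} -> {'permit' if allowed else 'deny'}")
```

The last case is the one to watch when reviewing permissions: under this model an owner whose own bit set is empty is denied even though the owning group's bits would allow the request, because only the first matching set is evaluated.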

When a security decision is needed, the file system calls RACF and supplies the FSP (and ACL, if one exists). RACF makes the decision, does any auditing, and returns control to the file system. RACF does not provide commands to maintain the FSP (and ACL). System Authorization Facility (SAF) services handle the FSP (and ACL) maintenance. z/OS UNIX provides commands that invoke these SAF services.

For information about using RACF authorization to grant privileges for use of local files and directories, see Table 1.

Copyright IBM Corporation 1990, 2014