z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


How a directed command travels through the network

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

Figure 1 illustrates the journey of a directed RACF® command through an RRSF network. The network contains two RRSF nodes, NODEA and NODEB, that use APPC to communicate. The LU name for NODEA is LUA, and the LU name for NODEB is LUB. User ID PAT on NODEA has a peer user ID association defined with user ID PATL on NODEB. User ID PATL is defined on NODEB and has authorization to delete user DUDLEY. The prefix for the workspace data sets is RRSF.QUEUES for both NODEA and NODEB.

Figure 1. A directed command traveling through an RRSF network that uses APPC
A directed command traveling through an RRSF network that uses APPC
A directed command is processed as follows:
  1. User PAT on NODEA issues the command DELUSER DUDLEY AT(NODEB.PATL).
  2. RACF on NODEA determines that the command is a directed command, and verifies that:
    1. User ID PAT on NODEA has an association defined with user ID PATL on NODEB.
    2. User ID PAT on NODEA is authorized (via an RRSFDATA profile) to direct commands to NODEB.
    If both conditions are met, RACF sends the command to the RACF subsystem address space.
  3. The RACF subsystem address space processes the command as follows:
    1. RACF on NODEA masks the command using the Commercial Data Masking Facility (CDMF) algorithm implemented with a fixed key. The purpose of this masking is to protect against inadvertent casual viewing of the data while it is in the workspace data sets and during transmission. (This protection supplements the protection that classes such as APPCSERV and APPCLU provide to the data during transmission, and that RACF DATASET authorization provides to the data while it is in the workspace data sets.)
    2. RACF on NODEA saves a copy of the masked command in the OUTMSG workspace data set, RRSF.QUEUES.LUA.LUB.OUTMSG.
    3. If the connection between NODEA and NODEB is operative, RACF on NODEA passes the command to APPC/MVS. If the connection is dormant, RACF waits for it to become operative before passing the command to APPC/MVS.
  4. APPC/MVS transmits the masked command from NODEA to NODEB.
  5. APPC/MVS passes the masked command to RACF on NODEB.
  6. RACF processes the command as follows:
    1. RACF on NODEB saves a copy of the masked command in the INMSG workspace data set RRSF.QUEUES.LUB.LUA.INMSG.
    2. RACF on NODEB notifies RACF on NODEA by way of APPC/MVS that the command has been written to the INMSG workspace data set.
    3. RACF on NODEA deletes the command from the OUTMSG workspace data set, RRSF.QUEUES.LUA.LUB.OUTMSG. Note that the deletion does not occur until after the command is received on NODEB to prevent loss of the command if transmission errors occur, thus ensuring data integrity.
    4. RACF on NODEB unmasks the masked command.
    5. RACF on NODEB verifies that user ID PATL exists on NODEB and that PATL on NODEB has an association with PAT on NODEA.
    6. RACF on NODEB runs the command in the RACF subsystem address space with the authority of PATL, and deletes user DUDLEY.
    7. RACF on NODEB masks the command output using the CDMF algorithm.
    8. RACF on NODEB saves a copy of the masked output in the OUTMSG workspace data set RRSF.QUEUES.LUB.LUA.OUTMSG.
    9. If the connection between NODEA and NODEB is operative, RACF on NODEB passes the masked output to APPC/MVS. If the connection is dormant, RACF waits for it to become operative before passing the command output to APPC/MVS.
  7. APPC/MVS transmits the masked command output from NODEB to NODEA.
  8. APPC/MVS passes the masked command output to RACF on NODEA.
  9. RACF on NODEA saves a copy of the masked command output in the INMSG workspace data set RRSF.QUEUES.LUA.LUB.INMSG. RACF on NODEA notifies RACF on NODEB by way of APPC/MVS that the output has been received. RACF on NODEB deletes the command output from the OUTMSG workspace data set RRSF.QUEUES.LUB.LUA.OUTMSG.
  10. RACF on NODEA unmasks the command output, stores it in user ID PAT's RRSFLIST data set, and deletes the saved copy in the INMSG workspace data set RRSF.QUEUES.LUA.LUB.INMSG.
  11. RACF on NODEA uses SEND to notify user ID PAT that the command has completed.
If user PAT on NODEA had originally issued the command DELUSER DUDLEY ONLYAT(NODEB.PATL), using the ONLYAT keyword instead of the AT keyword, the processing for the command would have been the same, with the following exceptions:
  • Step 2.b would have been replaced by a check that user ID PAT on NODEA had SPECIAL authority.
  • Step 6.e would have additionally checked whether user ID PATL on NODEB had SPECIAL authority.
Parent topic: The RRSF network

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014