z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Sharing a database with sysplex communication in data sharing mode

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

When RACF® enters data sharing mode, all members of the sysplex change modes at the same time. If you want to use data sharing mode, all systems sharing the database must be members of the same sysplex. Before RACF can enter data sharing mode, the following additional requirements must be met:
  • All sharing systems are enabled for sysplex communication.
  • All sharing systems have z/OS Security Server RACF enabled.
    Note: If a z/OS® system does not have RACF enabled, it does not join the data sharing group, but other systems are not affected and can still enter the data sharing group.
  • All sharing systems have access to the same coupling facilities.
  • RACF structures are defined to the coupling facility policy.
  • All systems must not be in XCF-local mode.
  • If you are using the global resource serialization function to serialize system resources, the major names SYSZRACF and SYSZRAC2 cannot be in the exclusion resource name list (RNL).
    • If you have SYSZRAC2 in your RNL, you must schedule a sysplex-wide IPL to remove it before running RACF in sysplex communication or datasharing mode, or your RACF database might become corrupted. You cannot remove this name dynamically, because RACF maintains a permanent ENQ on this resource.
    • If you have SYSZRACF in your RNL, you can remove it dynamically if you first stop the RACF subsystem on all systems in the global resource serialization complex. SYSZRACF (minor name of RACF) is held continuously if a RACF subsystem is running, and stopping the RACF subsystems releases the ENQ.
  • If you are using a non-IBM global resource serialization product to serialize system resources, be aware that resources with major names SYSZRACF and SYSZRAC2 might be requested with SCOPE=SYSTEMS. You must ensure that SCOPE=SYSTEMS is honored for these requests.
  • All sharing systems meet the requirements for sharing a database:
    • The database resides on shared DASD.
    • The data set name table (ICHRDSNT) is compatible on all sharing systems.
    • The database range table (ICHRRNG) is identical on all sharing systems.
    • The class descriptor table (ICHRRCDE) is compatible on all sharing systems.
Attention:
  • If any system is using the database in data sharing mode, then all systems accessing the database must be in the same sysplex and must use the database in data sharing mode. If you attempt to share the database with a system (z/OS or VM) outside of the sysplex, or if a system in the sysplex attempts to use the database in non-data sharing mode, database corruption will occur.
  • If RACF detects possible incorrect use of the database that would result in data corruption, it issues a WTOR message to the system operator, prompting the operator to verify that the database is not being used incorrectly. For details about how to respond to any of these messages, refer to .

If you have z/OS systems that need to use the same security data, but are not all members of the same sysplex, you can give a system outside of a sysplex its own copy of the RACF database used by the sysplex, and use automatic direction to keep the databases synchronized. See Overview of the RRSF function for information on automatic direction.

Parent topic: Sharing a database

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014