Failsoft processing affects you in the following ways:
- If you are already logged on:
If RACF® is in failsoft mode, those users already
on the system continue to have certain access requests validated by RACF. These requests are data-set-related
requests or RACROUTE REQUEST=FASTAUTH processing. To continue validating, RACF uses whatever in-memory tables
are still valid in addition to routing control to various exits for
further processing. RACF can
also continue to log access requests, whether it grants them or not.
Note: If the user requests access to a data set and the decision
could not be made using a valid internal table, RACF, through failsoft processing, prompts the
operator to approve the request.
- If you are not logged on:
The only users who can log on to
TSO are those who have user IDs in SYS1.UADS and know their UADS password.
These users are not known to RACF and RACF prompts the operator each
time one of them requests access to a general resource or a data set
that does not start with the user's ID. (This occurs because the users
had not been verified—no password checking was done by RACROUTE REQUEST=VERIFY.)
If
you reactivate RACF, you should
have the users log off and log back on so that they can be identified
to RACF.