Failsoft processing occurs when no data sets in the primary RACF® database are available (RACF is installed but inactive). Although it degrades system performance and system security, in rare cases it might be necessary when you repair RACF. During failsoft processing RACF cannot make decisions to grant or deny access. For data sets, RACF prompts the operator frequently to grant or deny access. For general resource classes, RACF returns a return code of 4 and the resource manager (for example TSO or CICS®) decides on the action.

When RACF is in data sharing mode, failsoft processing also results when the system is running an MVS™ release that does not support the RACF sysplex data sharing option.

Failsoft can be temporary or permanent. Temporary failsoft occurs as a result of the RVARY INACTIVE command. You can exit temporary failsoft by issuing the RVARY ACTIVE command. Permanent failsoft occurs as a result of a serious system error. You must re-IPL the system to exit permanent failsoft.

The logging your installation specified while RACF was active remains operative after failsoft processing goes into effect. In addition, RACF logs all accesses that the operator allows or denies.

RACF calls the RACROUTE REQUEST=AUTH and RACROUTE REQUEST=DEFINE preprocessing exit routines during failsoft processing. The use of preprocessing RACF exits enables an installation to define its own version of failsoft processing so that it can avoid the system performance problems caused by continual operator prompts. For example, an exit could be written to record resource definitions in SMF records and later automatically apply them to the RACF database.