z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Overview of the RRSF function

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

RRSF provides the following functions:
  • Command direction

    A user logged on to one user ID can issue a RACF® command and direct that command to run under the authority of the same or another user ID on the same or another RRSF node. A user directs a command by using the AT keyword on the command to specify the RRSF node and user ID the command is to be directed to. The command runs asynchronously in the RACF subsystem address space, and the output is returned to the issuing user's RRSFLIST data set.

    Before a user can direct a command to run under another user ID, a user ID association must be established between the two user IDs. Profiles in the RRSFDATA class control to which nodes command direction is allowed, and which users can direct commands.

  • Password synchronization

    If password synchronization is enabled between two user IDs, when the password or password phrase is changed for one of the user IDs, RACF automatically changes the password or password phrase for the other.

    Password synchronization is enabled between two user IDs by creating a peer user ID association between the two IDs that specifies password synchronization. Profiles in the RRSFDATA class control who can define user ID associations with password synchronization enabled, whether password synchronization occurs on an RRSF node, and for which users. The SET command activates and deactivates password synchronization.

  • Automatic direction
    Automatic direction allows you to have RACF automatically direct updates made to the RACF database on an RRSF node to one or more other RRSF nodes. If profiles on two or more RRSF nodes are already synchronized, you can use automatic direction to have RACF automatically keep the profiles synchronized. Automatic direction does not require user ID associations. Instead, automatic direction assumes that if the same user ID exists on two different nodes, those user IDs belong to the same person. RACF provides the following types of automatic direction:
    • Automatic command direction. Profiles in the RRSFDATA class control which commands are automatically directed, and to which nodes.
    • Automatic password direction. Profiles in the RRSFDATA class control for which users password and password phrase changes are automatically directed, and to which nodes.
    • Automatic direction of application updates. Profiles in the RRSFDATA class control which application updates are automatically directed to which nodes.

    The SET command activates and deactivates automatic direction.

For a more detailed description of these functions, see z/OS Security Server RACF Security Administrator's Guide.

Parent topic: Overview of the RACF remote sharing facility (RRSF)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014