RRSF provides the following functions:
- Command direction
A user logged on to one user ID
can issue a RACF® command and direct that
command to run under the authority of the same or another user ID
on the same or another RRSF node. A user directs a command by using
the AT keyword on the command to specify the RRSF node and user ID
the command is to be directed to. The command runs asynchronously
in the RACF subsystem address
space, and the output is returned to the issuing user's RRSFLIST data
set.
Before a user can direct a command to run under another
user ID, a user ID association must be established between the two
user IDs. Profiles in the RRSFDATA class control to which nodes command
direction is allowed, and which users can direct commands.
- Password synchronization
If
password synchronization is enabled between two user IDs, when the
password or password phrase is changed for one of the user IDs, RACF automatically changes the
password or password phrase for the other.
Password synchronization
is enabled between two user IDs by creating a peer user ID association
between the two IDs that specifies password synchronization. Profiles
in the RRSFDATA class control who can define user ID associations
with password synchronization enabled, whether password synchronization
occurs on an RRSF node, and for which users. The SET command activates
and deactivates password synchronization.
- Automatic direction
Automatic direction allows you to have RACF automatically direct updates
made to the RACF database on
an RRSF node to one or more other RRSF nodes. If profiles on two or
more RRSF nodes are already synchronized, you can use automatic direction
to have RACF automatically
keep the profiles synchronized. Automatic direction does not require
user ID associations. Instead, automatic direction assumes that if
the same user ID exists on two different nodes, those user IDs belong
to the same person. RACF provides
the following types of automatic direction:
- Automatic command direction. Profiles in the RRSFDATA class control
which commands are automatically directed, and to which nodes.
- Automatic password direction. Profiles in the RRSFDATA class control
for which users password and password phrase changes are automatically
directed, and to which nodes.
- Automatic direction of application updates. Profiles in the RRSFDATA
class control which application updates are automatically directed
to which nodes.
The SET command activates and deactivates automatic direction.
For a more detailed description of these functions, see z/OS Security Server RACF Security Administrator's Guide.