z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACROUTE REQUEST=VERIFY or VERIFYX processing

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

The RACROUTE REQUEST=VERIFY function does identification and verification of users and determines whether work is allowed to enter the system. Some of the events that can cause VERIFY request processing to occur are:
  • Logons to TSO, IMS™, or CICS®
  • Submitting a batch job
  • Sending data sets to the printer (if WRITER class is active)
  • Processing certain operator commands (if OPERCMDS class is active)
  • Running APPC/MVS transactions
Some of the checks done by REQUEST=VERIFY processing are:
  • Surrogate checking
  • Terminal-authorization and port-of-entry checking
  • JESJOBS checking

For certain callers (RACROUTE REQUEST=VERIFY), specifying SYSTEM=YES on the RACROUTE requests can provide better performance. For more information, see z/OS Security Server RACROUTE Macro Reference.

Specifying a session type of OMVSSRV can also improve performance. When a RACROUTE REQUEST=VERIFY or RACROUTE REQUEST=VERIFYX macro specifies the OMVSSRV session type:
  • RACF® updates the date and time of last user access at most once a day.
  • RACF creates audit records for RACROUTE REQUEST=VERIFY,ENVIR=CREATE only when the macro specifies a new or incorrect password or password phrase, or the user ID is revoked.
For more information, see z/OS Security Server RACROUTE Macro Reference.

Callers of RACROUTE REQUEST=VERIFY may also realize improved performance when the impact of INITSTATS statistics recording is lessened. An installation can specify that, when a user is verified by a particular application, statistics should be recorded only if no recording has been done for that user that day. When an application specifies the APPL operand on the RACROUTE REQUEST=VERIFY request, the system administrator can use a profile in the APPL class to control which users can access the application, and can limit INITSTATS processing to collect daily statistics only. To limit INITSTATS processing to collect daily statistics only, the system administrator specifies the string 'RACF-INITSTATS(DAILY)' in the APPLDATA field of the APPL class profile. For more information, refer to z/OS Security Server RACF Security Administrator's Guide,

Parent topic: User identification and verification

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014