Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Stopping the RACF subsystem address space z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
You can use the RACF® STOP operator command to stop the RACF subsystem address space. Use the RACF STOP command instead of the MVS™ FORCE command, which has some dangerous side effects, such as not cleaning up resources. For the syntax of the RACF STOP command, see z/OS Security Server RACF Command Language Reference. For information on security for the RACF STOP command, see z/OS Security Server RACF Security Administrator's Guide. (Note that there is also an MVS STOP command. The RACF STOP command and the MVS STOP command are not related.) Like other system address spaces that are needed for basic system operation, the RACF subsystem address space runs non-cancellable. If you are not using the RACF remote sharing facility, there is no need to stop the address space before system shutdown. Subsequent IPL or MVS START command processing rebuilds the address space for proper system usage. If you are using the RACF remote sharing facility, the RACF STOP command allows you to stop the RACF subsystem address space with a minimal loss of remote requests. Stopping the RACF subsystem address space any other way (for example, using FORCE) is not recommended, and might cause requests to be lost or the VSAM files for workspace data sets to be damaged. If an RRSF node allows directed commands, password synchronization, or automatic direction, it is important that you stop the address space with the RACF STOP command during a system shutdown, after all users have logged off and all batch jobs have completed. It is also important that you not stop (or FORCE) the address space while users and jobs are active. If you do, updates could be lost, resulting in passwords or profiles not being synchronized, and output from directed commands could be lost. The STOP command does the following things:
If you stop the RACF subsystem address space on an RRSF node, password synchronization and automatic direction can no longer send RRSF requests to remote nodes, and updates that should be made on remote nodes are lost. RRSF requests directed to that node from remote nodes are queued in the workspace data sets at the remote nodes, and are not lost. For example, assume that ADDUSER commands are being automatically directed between NODEA and NODEB, and the STOP command is issued on NODEA. If a user issues an ADDUSER command on NODEA, the command runs on NODEA, but is not directed to NODEB. However, if a user issues an ADDUSER command on NODEB, the command runs on NODEB, and is held on NODEB until communication with NODEA is re-established. The command is then directed to NODEA. For information on remote sharing and automatic direction, see RACF remote sharing facility (RRSF). |
Copyright IBM Corporation 1990, 2014
|