z/OS Security Server RACF System Programmer's Guide

Considerations when sharing between z/OS and z/VM systems

SA23-2287-00

Restrictions: When you share a RACF® database between z/OS® and z/VM® systems, the following restrictions apply:
  • The RACF database cannot be on FBA DASD.
  • You cannot use a coupling facility for the RACF database on the z/OS system.
  • You must use RESERVE/RELEASE serialization for the database. You cannot use the MVS™ global resource serialization function (or an equivalent product) on the z/OS system to convert the RESERVEs to ENQs.
  • You must perform administration of many profiles from the z/OS system. For example, if a USER profile contains alias mapping fields (for example, OMVS UID), those users should be managed from the z/OS side so that the indexes are properly maintained. In the OMVS UID example, there is no OMVS keyword on VM, so you could not directly manage the segment on VM. However, if you deleted the profile on the VM system, the alias indexes would not be properly maintained on the z/OS system. In a similar example, if a USER has digital certificates on z/OS, and that user were deleted on the VM side, the digital certificates would not be cleaned up properly on z/OS.
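
The last restriction can be enforced with a pre-deletion check. The following Python sketch is an added example, not IBM code: it scans a database unload for users who have an OMVS segment or digital certificates and refuses to approve deleting them from the z/VM side. It assumes IRRDBU00-style flat records with the record type in columns 1-4 and the user ID in columns 6-13, with type 0270 for user OMVS data and 0207 for user certificates; the function names and sample records are constructed for illustration.

```python
# Added example, not IBM code. Assumed unload layout: record type in
# columns 1-4, user ID in columns 6-13; 0270 = user OMVS data,
# 0207 = user certificate name. Verify against your release's documentation.
ZOS_ONLY_RECORDS = {
    "0270": "OMVS segment (UID alias index)",
    "0207": "digital certificate",
}

def zos_only_users(unload_lines):
    """Map user ID -> sorted reasons it must be administered from z/OS."""
    found = {}
    for line in unload_lines:
        reason = ZOS_ONLY_RECORDS.get(line[0:4])
        if reason is None:
            continue  # record type carries no z/OS-only data
        user = line[5:13].strip()
        if user:
            found.setdefault(user, set()).add(reason)
    return {user: sorted(reasons) for user, reasons in sorted(found.items())}

def check_vm_deletions(unload_lines, planned_deletes):
    """Return the planned z/VM-side deletions that should be refused."""
    protected = zos_only_users(unload_lines)
    refused = {}
    for name in planned_deletes:
        user = name.strip().upper()  # RACF user IDs are uppercase
        if user in protected:
            refused[user] = protected[user]
    return refused

# Constructed sample records (not real data); "..." stands for other fields.
SAMPLE_UNLOAD = [
    "0200 ALICE    ...",
    "0270 ALICE    0000001001 /u/alice",
    "0200 BOB      ...",
    "0207 BOB      CN=bob.example ...",
    "0270 BOB      0000001002 /u/bob",
    "0200 VMONLY   ...",
    "0100 STAFF    ...",
]

if __name__ == "__main__":
    planned = ["alice", "vmonly", "bob"]
    for user, reasons in check_vm_deletions(SAMPLE_UNLOAD, planned).items():
        print(f"{user}: delete from z/OS, not z/VM ({', '.join(reasons)})")
```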

Guideline: If you are sharing a database between z/VM and z/OS systems, run the utilities from the z/OS side for better ease-of-use, recovery, and error-reporting.

In a remote sharing environment, a z/OS system configured as an RRSF node can share a RACF database with a z/VM system. Database updates that are made on other RRSF nodes can be propagated to the shared database, allowing the z/VM system to share database changes made on other systems. However, database updates that are made on the z/VM system are not propagated to the RRSF nodes.

Copyright IBM Corporation 1990, 2014