RACF interfaces

Table 1 lists the functions for which new or changed RACF® support is available. Sample RACF commands to change the RACF configuration can be found in one of the following members member EZARACF of the installation data set, SEZAINST:
  • EZARACF - Contains sample commands for environments where multilevel security is not configured.
  • EZARACFM - Contains sample commands for environments where multilevel security is configured.

You can use the function name from the table to search EZARACF for all the commands necessary for the function. See z/OS Communications Server: IP Configuration Guide for more information for each function.

Table 1. Summary of new and changed Communications Server RACF interfaces
Function name Rel. Description Reason for change
BINDDVIPARANGE, MODDVIPA V1R13
  • New resource in the SERVAUTH class, EZB.BINDDVIPARANGE.sysname.tcpname.resname, controls whether an application can issue a bind socket call to create a specific dynamic VIPA in a VIPARANGE subnet.
  • New resource in the SERVAUTH class, EZB.MODDVIPA.sysname.tcpname.resname, controls whether an application can do the following actions:
    • Create an application-specific DVIPA, specified by a specific VIPARANGE statement, using the SIOCSVIPA ioctl call, the SIOCSVIPA6 ioctl call, or the MODDVIPA utility
    • Delete a DVIPA that was created using the same profile and the SIOCSVIPA ioctl call, the SIOCSVIPA6 ioctl call, or the MODDVIPA utility
 Improved security granularity for VIPARANGE DVIPAs
IPSec V2R2 Networking applications, that send and receive IPSec protected traffic, are no longer required to have access to certain CSFSERV resource profiles when the CSFSERV class is activated. Simplified access permissions to ICSF cryptographic functions for IPSec
named V2R1 This application is no longer supported. Remove the application started procedure name from the RACF STARTED class. Remove it from the RACF facility class for resources BPX.SUPERUSER and BPX.STOR.SWAP. Remove it from the RACF SERVAUTH class for facility EZB.INITSTACK.sysname.tcpprocname. Removal of BIND DNS Name Server from z/OS
Network Management Interface V2R1 New RACF resource names added for access to the new Real-time application-controlled TCP/IP trace NMI. Real-time application-controlled TCP/IP trace NMI
Setup Profile for VARY Commands V2R2 New MVS.VARY.TCPIP.SMCAT resource profile in class OPERCMDS can be used to control access to the new VARY TCPIP,,SMCAT command. SMC Applicability Tool (SMCAT)
V2R1 New MVS.VARY.TCPIP.SYNTAXCHECK resource profile in class OPERCMDS can be used to control access to the VARY TCPIP,,SYNTAXCHECK command. Check TCP/IP profile syntax without applying configuration changes
Parent topic: Communications Server IP summary of interface changes