The use of the RACF® FACILITY class allows security administrators to control who can issue DFSMShsm commands. Security administrators can define RACF profiles that DFSMShsm honors.
In order to use RACF FACILITY class checking, the RACF FACILITY class must be active when DFSMShsm is started. If the RACF FACILITY class is active, DFSMShsm uses RACF FACILITY class checking for all authorized and user commands. Adding or modifying the RACF FACILITY class resources does not require a restart of DFSMShsm. If the RACF FACILITY class is used to control access to DFSMShsm commands, the resources defined at the time a command is processed will be used to determine authorization for that command.
If the RACF FACILITY class is not active when DFSMShsm starts, DFSMShsm uses the AUTH command to process all storage administrator commands.
For a full list of RACF FACILITY class resource names, see the topic about authorizing and protecting DFSMShsm resources in z/OS DFSMShsm Implementation and Customization Guide.