z/OS Security Server RACF General User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Directing commands

z/OS Security Server RACF General User's Guide
SA23-2298-00

The RACF® remote sharing facility (RRSF) lets you direct most RACF commands to be processed on a node and user ID other than the one you are currently logged on to. You can also direct a command to the user ID you are currently logged on to. Directed commands run asynchronously; that is, the command issuer does not wait until the command completes processing, and results and output from the commands are returned to the command issuer in a data set. z/OS Security Server RACF Command Language Reference lists the commands that can be directed. See User ID associations for information on creating the user ID associations necessary to direct commands. Also, you must have authorization to direct commands. If you are not sure whether you are authorized, contact your security administrator or see z/OS Security Server RACF Security Administrator's Guide for more information.

You can use the AT keyword to direct allowed RACF commands to be processed under the authority of an associated user ID without actually logging on to that ID. Add the AT keyword to the end of any allowed RACF command and specify the node and user ID (node.userid) at which the command should be processed. A user ID association is required for all commands directed to another node or user ID, but it is not required if you are directing the command to the user ID you are currently logged on to.

When you direct a command, the results are returned to you and are appended to the bottom of your RRSFLIST user data set. You receive a TSO SEND message telling you whether the directed command completed successfully or unsuccessfully. If you do not have an RRSFLIST user data set, RACF allocates one and adds the results. The RRSFLIST data set name is 'prefix.userid.RRSFLIST', where prefix is your TSO prefix at the time you issued the command. If prefix matches userid or if you specified PROFILE NOPREFIX on the TSO PROFILE command, the data set name used is 'userid.RRSFLIST'.

You are responsible for maintaining this data set. If your data set becomes full, the output is transmitted to your user ID. In order for RACF to append to your RRSFLIST user data set again, you must edit and delete some of the returned output in this data set. If your RRSFLIST user data set is in use when the RACF remote sharing facility tries to append the results, RACF waits for a brief time and tries again. This could cause the results of directed commands to be appended out of sequence with the output that was returned.

The following examples illustrate the format of the output produced by directed commands. The format of the output is the same for both your RRSFLIST data set and for the output transmitted when your data set is full. Figure 1 shows the format of output for this directed LISTGRP command: 
LISTGRP (SYS1) AT(MVS03.SMITHJ)
Figure 2 shows the format of output for this directed ADDSD command: 
ADDSD 'JWS.DEV*' AT(MVS02.JWS)
Figure 1. A directed LISTGRP command: sample output
LG issued at 09:14:32 on 02/02/98 was processed at MVS03.SMITHJ on
02/02/98 at 09:16:24

 COMMAND ISSUED: LISTGRP   (SYS1)

 COMMAND OUTPUT:
 INFORMATION FOR GROUP SYS1
     SUPERIOR GROUP=NONE         OWNER=SMITHJ
     NO INSTALLATION DATA
     NO MODEL DATA SET
     TERMUACC
Figure 2. A directed ADDSD command: sample output
ADDSD issued at 09:47:32 on 02/02/98 was processed at MVS02.JWS on
02/02/98 at 09:48:51

 COMMAND ISSUED: ADDSD        'JWS.DEV*'

 COMMAND OUTPUT:
 IRRR008I Command succeeded.  There are no messages.
Parent topic: Using RACF commands

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014