z/OS Security Server RACF Callable Services


Function

SA23-2293-00

The R_admin callable service provides an interface with which to manage and retrieve RACF® profile and SETROPTS data. Several function codes are available for use, depending on what profile type you want to manage, and which operation you want to perform. The available functions are:
  • Input functions
    • Run-command: Accepts a command image and executes this command in the RACF subsystem address space.
    • Update functions: Accept tokenized input from which a RACF command image is constructed and then executed in the RACF subsystem address space. These functions shield the programmer from the details of RACF command syntax. The following RACF information can be managed using the update functions:
      • USER profiles
      • GROUP profiles
      • User-to-group connections
      • General resource profiles
      • Data set profiles
      • General resource and data set profile access lists
      • SETROPTS options
  • Output functions
    • Profile extract functions: Return tokenized, formatted data for RACF profiles in all classes except the DATASET class.
    • SETROPTS retrieval: Returns SETROPTS data in either of two formats:
      • SMF Unload
      • The same tokenized structure used as input to the SETROPTS update function
    • Password and password phrase envelope retrieval: Retrieves an encrypted password or password phrase envelope for a specified user.

Most, but not all, of these function codes require the RACF subsystem address space to be up and running. Some function codes require that the caller be in supervisor state, but some are also available for problem state callers. Usually, problem state callers require additional RACF profile authorization and certain options are not available to them (for example, the ability to run the request under a different identity).

The IRRPCOMP mapping macro contains the definitions for the function codes and structure mappings used by R_admin. The relevant fields start with prefix ADMN_.

A REXX interface to the profile extract functions is available. This program, named IRRXUTIL, is designed to be invoked by REXX in problem state, and converts the output of an R_admin extract request to a set of REXX stem variables. For more information, refer to z/OS Security Server RACF Macros and Interfaces.
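The following REXX exec is an added example (not IBM sample code) of consuming the stem variables that IRRXUTIL builds from a USER profile extract, here to report system-wide privileged attributes for one user ID. The IRRXUTIL argument order, the blank-delimited return code list, and the BASE segment field names (SPECIAL, OPER, AUDITOR, REVOKEFL, OWNER) are taken from the IRRXUTIL and R_admin reference material rather than from this page; the exec name CHKUSER and the stem name RACF are illustrative choices.

```rexx
/* REXX - added example: report privileged attributes of a user  */
/* from an R_admin profile extract, via IRRXUTIL (problem state). */
parse upper arg userid .
if userid = '' then do
  say 'Usage: CHKUSER userid'          /* CHKUSER is a hypothetical name */
  exit 8
end

/* Extract the USER profile into stem RACF. Argument 5 is an     */
/* optional variable-name prefix; argument 6 is the generic      */
/* indicator, which does not apply to USER profiles.             */
rcs = IRRXUTIL('EXTRACT', 'USER', userid, 'RACF', '', 'FALSE')

/* The result is a blank-delimited list. The first word is the   */
/* IRRXUTIL return code; the remaining words carry the return    */
/* and reason codes from the underlying R_admin request.         */
if word(rcs, 1) <> 0 then do
  say 'Extract failed for' userid '- return codes:' rcs
  exit 12
end

/* Do not assign variables named BASE, OWNER, and so on: REXX    */
/* would substitute their values into the compound tails below.  */
say 'User' userid 'owner:' RACF.BASE.OWNER.1

/* Boolean fields come back as the strings TRUE or FALSE. A      */
/* field that was not returned evaluates to its own name in      */
/* REXX, so it simply fails the comparison.                      */
flags = 'SPECIAL OPER AUDITOR'
found = 0
do i = 1 to words(flags)
  fld = word(flags, i)                 /* substituted into the tail */
  if RACF.BASE.fld.1 = 'TRUE' then do
    say '  privileged attribute set:' fld
    found = found + 1
  end
end

if RACF.BASE.REVOKEFL.1 = 'TRUE' then
  say '  user ID is currently revoked'

if found = 0 then
  say '  no system-wide privileged attributes'
exit 0
```

The exec exits with 8 when no user ID is supplied and 12 when the extract fails, so a calling job can distinguish a usage error from a failed or unauthorized request.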





Copyright IBM Corporation 1990, 2014