RACF® provides the following facilities:
- The necessary functions to record information identifying individual users
of system resources, and information identifying the resources that require
protection. The information you define to RACF about users and resources is
stored in user and resource profiles.
- The facilities to define which users, or groups of users, are either permitted
access, or excluded from access, to the resources for which profiles have
been defined. The information recording the users, or groups of users, permitted
to access any particular resource is held in an access list within the profile that protects a resource.
- A method to process requests, issued by subsystems or jobs running in
an MVS™ system, to authenticate the identity of users defined to RACF, and
to check their access authorization to resources.
- The facilities for logging security-related events, such as users signing
on and signing off, the issuing of RACF commands, and attempts to access protected
resources. Successful attempts to access protected resources may be recorded
by the MVS System Management Facility (SMF). If you want to record all attempts to access protected resources,
whether successful or not, use RACF auditing, as described in the z/OS Security Server RACF Auditor's Guide.
The RACF auditor can run the RACF report writer to generate reports based
on the SMF records.
For information on using RACF to perform auditing functions (specifying auditing operands on RACF commands, and
using the RACF report writer to generate reports of audited security-related
activity), see the z/OS Security Server RACF Auditor's Guide.