The links and information available through this page are provided as a public service to the RACF community.

 

RACF User Groups

 

RSH RACF Presentations

 

RACF User Group (RUG) Presentations

 

RSH RACF Information

 

RSH RACF White Papers

 

RSH RACF Tips Newsletters

 

RSH RACF Tips on Twitter

 

RSH RACF Surveys

 

RSH RACF Magazine Articles

 

RSH Software

 

RACF-L Internet Discussion List

 

RACF Reference Links

 


RACF User Groups

RUGONE - RACF Users Group of the Northeast

KOIRUG - Kentucky-Ohio-Indiana RACF Users Group

CHIRUG - Chicagoland RACF Users Group

GARUG - Georgia RACF Users Group

NYRUG - New York RACF Users Group

BWRUG - Baltimore-Washington RACF Users Group

CRUG - Carolinas RACF Users Group

... return


RSH RACF Presentations

 

... return


RACF User Group Presentations

 

... return


RSH RACF Information

 

RACF - An Overview

 

Sept 2015

RACF CDT z/OS 2.1 (pdf | xlsx)

Updated

 

RACF CDT z/OS 2.2 (pdf | xlsx)

New

 

Julian Days, Dates, and Day of the Week

2014 | 2015 | 2016 | 2017

New

 

... return


RSH RACF White Papers

 

... return


RSH RACF Tips Newsletter

"RSH RACF Tips" provides valuable information and advice to RACF administrators, technicians, and auditors. It is published in hardcopy on a quarterly basis and mailed to qualified individuals. To begin receiving a complimentary copy, please complete and return the subscription form below. Copies of issues from a year or more ago are available on-line.

RSH RACF Tips Newsletter Subscription Form

 

"I do find the newsletters very informative. Sometimes about new things and other times reminding me of things I had forgotten. I look forward to them." Casey Parker, State Compensation Insurance Fund

 

RSH RACF Tips  - Volume 11, Issue 2

- CICS & KDFAES
- SMF Unload Errors Due To Record Format Changes
- ICB & RCVT
- POSIT
- CLAUTH
- &RACGPID & DFLTGRP
- z/OS 2.3 Preview - UID(0) Display
 

April 2017

RSH RACF Tips  - Volume 11, Issue 1

- PPT NOPASS Change
- NOREVOKE = RESUME
- WARNING SMF Records
- AUDITORS: Review the Global Access Table (GAT)
- RACFRW Limitations
- Logging FTP JES Activity
- CIM and SURROGAT
 

Jan 2017

RSH RACF Tips  - Volume 10, Issue 4

- Password Disclosure in SMF
- FDR & DASDVOL
- AUTOMOUNT Security Issues
- CA-TPX Logon Logging
- IRRDBU00 Record Sequence
- EXEC.RACF.CLIST PDS
- CEA and /var/CEAServer
 

Oct 2016

RSH RACF Tips  - Volume 10, Issue 3

- RACF SMF Tidbits
-"Hidden" Profiles
-Broken DFLTGRP Connect
-Accurate IRRDBU00 Unloads
-Auditors: Review JES2 PROCLIB Protections - Part 1
-SDSF SECURITY TRACE
 

"First of all I want to thank you for your information we always get with your newsletter. It has given us some valuable details many times already, so we could enhance some of our RACF definitions even more, which we really appreciate." Erika Theiler, AXA Technology Services

 

July 2016

RSH RACF Tips  - Volume 10, Issue 2

- DSMON - LINECOUNT 0
- Unix Protection Loophole
- Auditors: Review DITTO and FILE Manager DISK.FULLPACK
- SECLEVELAUDIT 64 Error
- PROGRAM Class Anomalies
- Finding RACF Exit Modules
- Catch-all / Backstop Profile
- TSO PASSWORDPREPROMPT
- Prevent Anonymous FTP Job

 

April 2016

RSH RACF Tips  - Volume 10, Issue 1

- CICS 5.2 Supplied Transactions
- z/OS 2.2 - Console Timeout
- z/OS 2.2 - IQPINIT PPT Entry
- CA Product RACLIST
- RACF Requests for Enhancements (RFE)
- Auditors: Review System Dataset Protection
- IRRDBU00 - READ Access

 

Jan 2016

RSH RACF Tips  - Volume 9, Issue 4

- RSH RACF Overview
- SUPERUSER.FILESYS.DIRSRCH
- Clear an ID's Password History
- The End of Masked Passwords
- TSO IDs - 7 Characters or Less

 

"I enjoy getting your newsletter. It is a good publication and I thank you for that service." Wade Juza, Acuity Insurance

 

Oct 2015

RSH RACF Tips  - Volume 9, Issue 3

- Coming in z/OS 2.2 - ROAUDIT
- Helpful TSO PROFILE Options
- Protecting Datasets with Single Qualifier DSNAMEs
- Profile CONNECT Entries
- Auditors: RACF Staffing Levels
- Missing TMON Resources
- USER.OMVS.UID & SHARED.IDS

 

July 2015

RSH RACF Tips  - Volume 9, Issue 2

- Shorter Password Phrases
- TSO STATUS, CANCEL, OUTPUT
- ASG-Zeke Resource Classes
- SURROGAT Profile Owner
- AUTOPROF SMF Event Records
- Base64 Messages in RACF-L
- INITOEDP SMF Event Records
- Auditors: Profile Creator Access
- Orphaned OWNERs and GROUPs

 

April 2015

RSH RACF Tips  - Volume 9, Issue 1

- RACF Password Enhancements
- BPX.SAFFASTPATH Addendum
- WebSphere MQ RACLIST
- Unknown Operator Commands
- CA Common Services & MAXTHREADS
- Finding Undefined User Logons
- WARNING Contest Winner
- AUDIT NONE Becomes READ
- Auditors: Find Responsible Party
- REVOKED & BPX.UNIQUE.USER

 

"The newsletter is always useful. I have picked up numerous tips and tricks from it over the years. Thanks." Bob Young, Capital One 

 

Jan 2015

RSH RACF Tips  - Volume 8, Issue 4

- OPERCMDS Resource Prefixes
- Started Tasks & REVOKE
- PROTECTED & INACTIVE
- Outsource Risk
- z/OS Unix Command History
- WARNING Contest
- Auditors: Ensure SETROPTS JES(BATCHALLRACF) is active
- Invalid RACF Activation Code

 

Oct 2014

RSH RACF Tips  - Volume 8, Issue 3

- Default UACC & Connect UACC
- Operator Command Entry
- Auditors: Ensure OPERATIONS is Controlled, Part 4
- Comparing z/OS Unix and RACF
- Special Grouping Classes
- z/OS 2.1 REXX EXECIO Control

 

July 2014

RSH RACF Tips  - Volume 8, Issue 2

- z/OS 2.1 TRUSTED Tasks
- SDSF Destination Operators
- z/OS 2.1 APPL CBDSERVE
- FSSEC and ACL Activation
- TRUSTED UAUDIT SURROGAT
- z/OS 2.1 JES2 Modify Service
- Auditors: Ensure OPERATIONS is Controlled, Part 3

 

"You do a great job of making RACF information understandable and available." Harold Clough, DISA 

 

April 2014

RSH RACF Tips  - Volume 8, Issue 1

- CHOWN.UNRESTRICTED
- @RSH_RACF on Twitter
- BPX Profiles & Superuser
- Auditors: Ensure OPERATIONS is Controlled, Part 2
- CA-1 CDT Entries
- IRRHFSU Utility Update

 

Jan 2014

RSH RACF Tips  - Volume 7, Issue 4

- Deleting UNIVERSAL Groups
- TFS FSP
- Auditors: Ensure OPERATIONS is Controlled, Part 1
- CA ENDEVOR Resource Class
- Replacing an Access List

 

Oct 2013

RSH RACF Tips  - Volume 7, Issue 3

- IRRHFSU Enhancements
- z/OS 1.13 TRUSTED Tasks
- Group GID(0)
- RACDCERT LIST Clarification
- Group GID VLF Problem Update
- FIELD Authority to Add an Empty Segment or Delete a Segment
- Auditors: Ensure Effective Use of RESTRICTED
- Class SYSAUTO

 

"I have been getting my RACF newsletters, and I definitely enjoy reading them. They're always full of good information." Janice Loar, John Deere 

 

July 2013

RSH RACF Tips  - Volume 7, Issue 2

- Improved RACF Googling
- SURROGAT Contest Winner
- IRRUT200 ACTIVATE Hang
- DEFINE RECATALOG Check
- Protecting Program EDGINERS
- Auditors: Check the PPT
- RACF FMID Reference
- RACF Health Checker Issues
- Group GID VLF Cache Problem

 

April 2013

RSH RACF Tips  - Volume 7, Issue 1

- Protect Shutdown Commands
- Custom Field Names
- RRSF & Batches of Commands
- UNIX sudo & sudoedit
- Auditors: Confirm Started Task and Batch IDs are PROTECTED
- SURROGAT Contest
- FIELD Permits to &RACUID

 

Jan 2013

RSH RACF Tips  - Volume 6, Issue 4

- RRSF & TCPIP Communication Failure Issue
- AIM Conversion Lockup Issue
- FASTAUTH & DEFAULT TOKEN
- ABEND Due to FROM Profile With Undefined OWNER
- Many More FACILITY Resources
- Unix Default User & MAXUIDS
- ITOM Resource Name Error
- Unix Path Names in SMF Unload Records Can Have // Prefix
- Identify Underlying zFS Dataset

 

Oct 2012

RSH RACF Tips  - Volume 6, Issue 3

- To All Our Clients - Thank You!
- REQUEST=VERIFY & GLOBAL
- FACILITY BPX.SAFFASTPATH
- SMF Type 30 Records
- Auditors: Confirm PROTECTALL is Active
- More on Replacing BPX.DEFAULT.USER
- Listing CA-1 Security Options

 

July 2012

RSH RACF Tips  - Volume 6, Issue 2

- Replacing BPX.DEFAULT.USER
- Additional GLOBAL Entries
- Temporary Dataset Protection
- Auditors: Review Tape BLP Authority

 

April 2012

RSH RACF Tips  - Volume 6, Issue 1

- CICS TS 4.2 & RACF
- RACF-L Internet Discussion List
- Auditors: Review PROGRAM Protection
- Beware Making the Unix Default User a File or Directory Owner
- ISPF 3.17 MA Line Command
- Protect TCP/IP Low Ports
- TSO User Data Sharing

 

Jan 2012

RSH RACF Tips  - Volume 5, Issue 4

- z/OS UNIX Security Enhancement
- Duplicate JOBINIT Records
- Indicate Permit Level in DATA
- Is * or ** More Specific? (Answer)
- Auditors: Review Tape Dataset Protection Bypass Authority
- Password Reset Authority Delegation
- CF Rebuild Can Hang Sysplex

 

Oct 2011

RSH RACF Tips  - Volume 5, Issue 3

- z/OS Security & Integrity APARs
- Performance Tip: IRRDBU00
- Monitoring Using JESJOBS
- IRRHFSU & UAUDIT
- Auditors: Review SETROPTS AUDIT(classes)
- Your Unix Default User May Own Files & Directories
- More FACILITY Resources
- Grouping Profile Name Length

 

July 2011

RSH RACF Tips  - Volume 5, Issue 2

- Trust SMS
- Proper RACF Database Backup
- Demise of BPX.DEFAULT.USER
- MVS.DISPLAY.TCPIP
- RACF Administrator's DFLTGRP
- RACF Protect TCP/IP Ports
- Auditors: Review Password Minimum Change Interval

 

April 2011

RSH RACF Tips  - Volume 5, Issue 1

- IGGCSI00 and Catalog Access
- Prevent Connection Mishaps
- WHEN(CONSOLE(SDSF))
- Websphere Library Change
- Performance: CA-Endevor LAT
- Auditors: Check Password History Option

 

Jan 2011

RSH RACF Tips  - Volume 4, Issue 4

- SMP/E Protection
- Performance: GENERICANCHOR
- Correction: FILEPROCMAX
- FASTAUTH Now Honors TRUSTED and PRIVILEGED
- Auditors: Check User Password Change Intervals
- IPv4 Terminal IDs

 

Oct 2010

RSH RACF Tips  - Volume 4, Issue 3

- Goodbye VSAMDSET and SYSCTLG
- DB2 DDF and FILEPROCMAX

- Deleting an Invalid Profile Containing Character '('
- OPERCMDS Profile Prefixes
- Auditors: Check for Weak Password Rules
- Performance: CICS USRDELAY
- SEARCH LEVEL(nn)

 

July 2010

RSH RACF Tips  - Volume 4, Issue 2

- FTP and JES
- Quick LD in ISPF 3.4 DSLIST

- Eliminating Discrete 'Generics'
- Auditors: Validate PROGRAM Profile Libraries

 

April 2010

RSH RACF Tips  - Volume 4, Issue 1

- Custom Field List Titles
- Safely Implement PROTECTED
- Auditors: Verify LOGOPTIONS are set to log z/OS Unix events
- ISPF 3.17 Udlist - List Unix Files & Directories

 

Jan 2010

RSH RACF Tips  - Volume 3, Issue 4

- Reducing Unix Superuser Use
- Should You Monitor or Restrict LISTDSD, RLIST, or SEARCH?
- List All SETROPTS Options without System-AUDITOR

- SMF Unload LRECL Change

- Auditors: Review Access Permitted to *
- Restrict Use of DSMON

 

Oct 2009

RSH RACF Tips  - Volume 3, Issue 3

- RACLIST REFRESH & STARTED
- AUDITOR UNIX APAR
- RMM Superuser

- RESTRICTED & UNIX Access

- SEARCH Command Mystery (Answer)
- Auditors: Verify Tape Data Protection is Active

- TSO APPL Class Resource

 

July 2009

RSH RACF Tips  - Volume 3, Issue 2

- TEMPDSN and CA-Endevor
- JESINPUT
- Performance: Database Reorg
- Auditors: PRIVILEGED and TRUSTED Started Tasks

 

April 2009

RSH RACF Tips  - Volume 3, Issue 1

- Specifying a Replacement ID with IRRRID00

- Recent APARs of Interest

- Temporary Access with CONNECT REVOKE(date)

- Auditors: How to Examine z/OS Unix Directory and File Security

- Limit on DB2 Secondary AUTHIDs Raised

 

Jan 2009

RSH RACF Tips  - Volume 2, Issue 4

- Authority to Administer Unix Directory & File Permissions

- Performance: Avoid SETROPTS GENERIC(DATASET) REFRESH

- Auditors: Find and Investigate Profiles in WARNING

 

Oct 2008

RSH RACF Tips  - Volume 2, Issue 3

- OPERATIONS Authority Considerations

- Avoiding Output Browse Violation Messages in SDSF

- z/OS Unix Use Control

- Auditors: Review ALTER Access to Catalogs

 

July 2008

RSH RACF Tips  - Volume 2, Issue 2

- LISTDSD Hints

- Sharing Output in SDSF (Without JESSPOOL Permission)

- Auditors: Review RACFVARS Profile &RACLNDE

 

April 2008

RSH RACF Tips  - Volume 2, Issue 1

- Practical Uses for LEVEL

- CSA Storage Protection

- Auditors: Verify FDR's RACF Interface is Active

 

Jan 2008

RSH RACF Tips  - Volume 1, Issue 3

- Performance: Resident Data Blocks (RDBs)

- Auditors: Review Outbound NJE Transmission Controls

 

Oct 2007

RSH RACF Tips  - Volume 1, Issue 2

- Entering RACF Commands at the Console

- Performance: NOYOURACC

- Auditors: Review DITTO and FILE Manager DISK.FULLPACK

 

July 2007

RSH RACF Tips  - Volume 1, Issue 1

- Avoiding DFSMShsm Recalls with ARCCATGP

- Performance: Increase your Enqueue Residency - ERV

- Enable Logging of Access to CA's ENDEVOR Resources

- Auditors: Review SURROGAT Batch Submit Authority

 

April 2007

... return


RSH RACF Tips on Twitter

Twitter account @RSH_RACF was created to publish useful RACF tips and RSH news of interest to RACF administrators, technicians, and auditors. You can view our tweets via the web without having a Twitter account simply by clicking on the link below.

 

Tweets via Web:  Robert Hansel @RSH_RACF

 

Tweets via Text: To avoid having to repeatedly check Twitter's website for our tweets, have them sent directly to your mobile device via text message. Here is how to activate this feature.

 

If you do not have a Twitter account, go to www.twitter.com and create one. During sign-up, you will be asked to follow Twitter users. Enter RSH_RACF in the Search box to find us and click on "Follow". (Twitter annoyingly insists you sign up to follow other users during the registration process. To bypass this, simply end your browser session. Then restart your browser and sign back in.) You will be sent an email to confirm your account.

 

If you already have a Twitter account, simply click on the following.

 

 

 

After you have started following us, sign into your Twitter account and click on "Settings and Help" (cog icon in the upper right). This will display a menu list. Select "Settings". Then, from the settings menu listed on the left, select "Mobile". Enter your device's phone number and click "Activate phone". You will be asked to send a text message with the word GO to 40404 from your mobile device to activate the service.

 

Once your mobile device has been activated, click on "Home" (upper left) and then "Following" (just beneath your name) to see a list of all the Twitter users you are following. Find "Robert Hansel @RSH_RACF" in the list, and click on the "User Actions" icon to the right of our name. This will display yet another menu list. Select "Turn on mobile notifications". From then on, our RACF tweets will come right to your mobile device.

... return


RSH RACF Surveys

RSH conducts anonymous monthly surveys on a wide variety of RACF related topics. Results of past surveys are provided below. We announce the launch and results of each survey on RACF-L. If you are not a member of RACF-L or do not monitor it closely but would still like to participate in these surveys, you can have announcements sent to you directly by sending your name, organization, and business email address to RSH-Surveys.

CATDSNS

Mar 2017

MODELLING

Feb 2017

GRPACC

Jan 2017

ICHAUTAB

Dec 2016

NJEUSERID and UNDEFINEDUSER

Nov 2016

CLAUTH

Oct 2016

SYS1 Profiles

Sept 2016

SETROPTS GRPLIST

Aug 2016

ICHRIN03

July 2016

STARTED Profiles

June 2016

SHARED.IDS

May 2016

TERMINAL Class

April 2016

FILE.GROUPOWNER.SETGID

Mar 2016

SETROPTS PREFIX

Feb 2016

Tape Protection

Jan 2016

RACF Database Reorg

Dec 2015

RACF & SDSF

Nov 2015

Password Rules

Oct 2015

ALTER Access Administration

Sept 2015

ADSP

Aug 2015

Connect Owner

July 2015

GENERICANCHOR

June 2015

BPX.DAEMON

May 2015

New Password Options

April 2015

SETROPTS PROTECTALL

Mar 2015

Production Batch IDs

Feb 2015

RACF Recovery

Jan 2015

RACF Database Backup

Dec 2014

SETROPTS INACTIVE

Nov 2014

SETROPTS LOGOPTIONS

Oct 2014

RESTRICTED

Sept 2014

Split RACF database and ICHRRNG table

Aug 2014

PASSWORD INTERVAL

July 2014

z/OS Unix File System security administration

June 2014

SETROPTS JES Options

May 2014

Default Access

April 2014

CICS System Initialization (SIT) Security Parameters

Mar 2014

Digital Certificate Administration

Feb 2014

UNIXPRIV profile CHOWN.UNRESTRICTED

Jan 2014

Digital Certificate Use

Dec 2013

PassTickets

Nov 2013

SETROPTS PASSWORD MINCHANGE

Oct 2013

Password Phrases

Sept 2013

Database Unload utility IRRDBU00

Aug 2013

RRSF (RACF Remote Sharing Facility)

July 2013

Naming Conventions Table (ICHNCV00)

June 2013

PRIVILEGED Started Tasks

May 2013

SETROPTS ERASE

April 2013

RACF Staffing Levels

Mar 2013

IBMUSER

Feb 2013

Manager of Senior RACF Administrator

Jan 2013

CFIELD custom field profiles

Dec 2012

Age of RACF-L Participants

Nov 2012

RACF and SAF exits

Oct 2012

Unix File System unload utility IRRHFSU

Sept 2012

DB2 objects access control

Aug 2012

z/OS Health Checker RACF checks

July 2012

FACILITY profile BPX.SAFFASTPATH

June 2012

Class FSSEC

May 2012

RACF-related SMF record retention

April 2012

FACILITY profile BPX.DEFAULT.USER

Mar 2012

TEMPDSN

Feb 2012

SETROPTS MIXEDCASE

Jan 2012

Program protection mode

Dec 2011

Application Identity Mapping (AIM)

Nov 2011

SETROPTS EGN

Oct 2011

... return


RSH RACF Magazine Articles

 

... return


RACF-L Internet Discussion List

Instructions for Joining & Using RACF-L

University of Georgia - RACF-L Archives

... return


RACF Reference Links

IBM's RACF Home Page

IBM's z/OS System Integrity Statement

Nigel Pentland's RACF Home Page

SHARE

... return

2017 RSH Consulting, Inc. All Rights Reserved.

For additional information, contact: RSH_Information or 617-969-9050.