-
Notifications
You must be signed in to change notification settings - Fork 28
RACF commands
IBA-mainframe-dev edited this page Nov 16, 2020
·
2 revisions
User profiles contain security information about the userid's defined to RACF who can access (or not) the resources.
| Description | Command |
|---|---|
| Add a userid to the RACF database | AU userid NAME(‘user_name’) DFLTGRP(grp_name) OWNER(owner) PASS(password) |
| List a userid profile | LU userid |
| Set a temporary password to a userid | ALU userid PASSWORD(password) |
| Revoke a userid | ALU userid REVOKE |
| Resume a userid | ALU userid RESUME |
| Resume a userid and set a temporary password | ALU userid RESUME PASS(password) |
| Connect a userid to a RACF group | CO userid GROUP(grp_name) OWN(grp_name) |
| Remove a userid from a RACF group | RE userid GROUP(grp_name) |
| Change the user name of a userid | ALU userid NAME(‘user_name’) |
| Change the installation data of a userid | ALU userid DATA(‘inst_data’) |
| Delete a userid from RACF database | DU userid |
Group profiles contain security information about group attributes and user connections.
| Description | Command |
|---|---|
| Add a group to RACF | AG grp_name OWNER(owner) SUPGROUP(superior_grp_name) |
| List a RACF group details | LG grp_name |
| Change the Superior Group of a RACF group | ALG grp_name SUPGROUP(superior_grp_name) |
| Change installation data of a RACF group | ALG grp_name DATA(‘inst_data’) |
| Delete a RACF group | DG grp_name |
Dataset profiles contain security information about DASD and tape datasets.
| Description | Command |
|---|---|
| Add a Dataset profile to RACF database | AD ‘ds_profile’ UACC(uacc_level) |
| List a dataset profile details | LD DATASET(‘ds_profile’) |
| Change a dataset profile UACC | ALD ‘ds_profile’ UACC(uacc_level) |
| Change a dataset profile OWNER | ALD ‘ds_profile’ OWNER(owner) |
| Delete dataset profile from RACF database | DD ‘ds_profile’ |
| List the profiles matching the mask argument and the Class | SR MASK(mask_argument) CLASS(class) |
| Grants userid access to the dataset profile | PE ‘ds_profile’ ID(userid) GEN AC(access_level) |
| Grants RACF group access to the dataset profile | PE ‘ds_profile’ ID(grp_name) GEN AC(access_level) |
General resource profiles contain security information about all resources other than user, group or dataset.
| Command | Description |
|---|---|
| Add a general resource profile | RDEF class_name profile_name ADDMEM(member) |
| List all details of a general resource profile | RL class_name profile_name ALL |
| Changes the general resource profile UACC | RALT class_name profile_name UACC(acc_level) |
| Delete a general resource profile | RDEL class_name profile_name |
| Grants userid access to the General resource profile of CL class | PE gr_profile CL(class) ID(userid) AC(access_level) |
| Grants RACF group access to the General resource profile of CL class | PE gr_profile CL(class) ID(grp_name) AC(access_level) |
SETROPTS is used to set RACF options or to turn them off
| Description | Command |
|---|---|
| Refresh in-storage profile for a specific CLASS | SETROPTS GENERIC(class_name) REFRESH |
| Sets in RACF that all passwords must be at least six characters in length and contain at least one numeric character, not in the first or last position. Further, the user’s access to the system must be revoked if five incorrect passwords are entered in a row |
SETROPTS PASSWORD(REVOKE(5) RULE1(LENGTH(6:8) ALPHA(1,6) ALPHANUM(2:5)) RULE2(LENGTH(7) ALPHA(1,7) ALPHANUM(2:6)) RULE3(LENGTH(8) ALPHA(1,8) ALPHANUM(2:7)))
|
Sets that all passwords must be changed within interval-days, but not earlier than minchange-days after the change. RACF issue a warning message warning-days before a password expires |
SETROPTS PASSWORD(INTERVAL(interval-days) MINCHANGE(minchange-days) WARNING(warning-days)) |
Sets the number-of-previous-passwords that RACF saves for each user and compares with intended new value |
SETROPTS PASSWORD(HISTORY(number-of-previous-passwords)) |
| Allow mixed-case passwords | SETROPTS PASSWORD(MIXEDCASE) |
Revoke user's right to use the system if the user ID has remained unused within inactive-days
|
SETROPTS INACTIVE(inactive-days) |
| Overwrite data with zeros after deletion | SETROPTS ERASE |
Set RACF to overwrite all data sets at this security-level or higher after deletion |
SETROPTS ERASE SECLABEL(security-level) |
| Deactivate erase-on-scratch processing | SETROPTS NOERASE |
| Bypass Automatic Data Set Protection(ADSP) - RACF does not automatically create discrete data set profiles when users who have the ADSP attribute create new data sets | SETROPTS NOADSP |
| Prevent users without the SPECIAL attribute from accessing uncataloged data sets | SETROPTS CATDSNS |
SMP/E
- How do I check if the APAR or the PTF installation?
- JCL job to create SMP/e zones environment and user datasets
- JCL job to customize SMP/e distribution zone environment
- JCL job to customize SMP/e global zone environment
- JCL job to customize SMP/e target zone environment
- JCL job to load PTF information into global zone and SMP/e datasets
- JCL job to install PTF in the SMP/e target libraries
- JCL job to install PTF in the SMP/e distribution libraries
- JCL job for rejecting PTF to clean up the global zone
- JCL job for restoring PTF to clean up the target zone
- Automated build PTF via JCL + REXX template (IN PROGRESS)
- What should I do if RECEIVE ends with RC=12?
Mainframe automation solutions and best practices
- Mainframe DevOps tutorial – How We Bring DevOps and Automation to Mainframe
- Jenkins MF pipeline code example
- Mainframe integration with Jenkins using USS agent
- Jenkins plug in solution for running JCL jobs
- Mainframe troubleshooting platform - APPULSE
- Azure DevOps with MF (IN PROGRESS)
- Zigi
z/OS DevOps scripts
- Shell script for datasets to transfer from UNIX to the mainframe via ftp
- Shell script to run JCL jobs on the mainframe via ftp
- Shell script to transfer changed sources in git to the mainframe via ftp
RACF
REXX scripts
- REXX script to change parameters values in a config file
- REXX script to replace substring in some members of dataset
ISPF
HSM
- HSM dataset level commands
- HSM system commands
- How do I restore datasets anywhere where HSM is working?
Useful tricks
- How to include a library in the current LOGON session
- How to make IBM Java work for TEP file tep.jnlp
- How to migrate one or more data sets to migration volumes
- How to transfer file from Windows to zOS with command line ftp?
- How do I find out which data sets have used the most amount of space?
- How do I convert a hexadecimal date to a readable date on z/OS?
- How do I compare two data sets interactively?
- How do I use 3270 emulators with a larger screen size?
- How do I make some changes in each member of PDS?
- How do I copy data sets to other LPAR?
Batch jobs (JCLs)
- How to automate checking for normal completion of a job (counting the number of lines)?
- How do I create a Data Set or a Data Set member?
- How do I copy a Data Set or a Data Set member?
- How do I fill VSAM with records?
- How do I rename a Data Set in batch?
- How do I delete a Data Set or a Data Set member?
- How do I compress a Partitioned Data Set?
- How do I convert Partitioned Data Set PDS to Partitioned Data Set Extended PDSE and vice versa?
- How do I split a Sequential Data Set or PDS member?
- How do I copy first n records of Sequential Data Set or PDS member?
- How do I work with a Catalog?
- Replacing archaic JCL constructs
- Sample solution to transfer datasets from one system to another using XMIT and ADRDSSU
- JCL job template for evenly dividing the dataset into parts
- How to work with a Catalog?
z/OS System operating
- z/OS network commands
- JES commands
- SDSF commands
- XMIT
- WLM (COMING SOON, STAY TUNED)
- IPL and its maintenance
- Omegamon for Storage
- Omegamon for DB2
z/OS Subsystem operating