Resource Access Control Facility

Overview

Resource Access Control Facility (RACF) provides the tools to help the installation manage access to critical resources.

Resource Access Control Facility works with the System Authorization Facility that provides Access Control and auditing functionality for the MVS operating systems. RACF was introduced in 1976.[1]

Resource Access Control Facility fulfills the main features[1]:

Resource Access Control Facility establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.

Resource Access Control Facility has continuously evolved to support such modern security features as digital certificates/Public Key Infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

Password Phrases

In Resource Access Control Facility (RACF), any password of 8 characters or fewer sets the RACF password for that user. Otherwise, it sets the Password Phrase for that user.

Ran Across Today (2018-09-05)

Ldapwiki heard that in RACF Password Policy, based on the underlying System Authorization Facility (SAF), the password change interval was an 8-bit field and therefore can only be 0-254 days.
