Resource Access Control Facility

Overview #

Resource Access Control Facility (RACF) is a External Security Managers (ESM) from IBM.

Resource Access Control Facility is a External Security Managers (ESM) that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.[1]

Resource Access Control Facility fulfills the main features[1]:

  • Identification and verification of a user via user id and password check (authentication)
  • Identification, classification and protection of system resources
  • Maintenance of access rights to protected resources (authorization)
  • Control the means of access to protected resources
  • Logging of accesses to a protected system and protected resources (auditing)

Resource Access Control Facility establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.

Resource Access Control Facility has continuously evolved to support such modern security features as digital certificates/Public Key Infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

More Information #

There might be more information for this subject on one of the following: