Basics of z/OS RACF Administration



Learn how to administer the z/OS Security Server Resource Access Control Facility (RACF). Get an introduction to the z/OS environment, Time Sharing Option (TSO) and Interactive System Productivity Facility / Program Development Facility (ISPF/PDF), batch processing, and z/OS data sets. Gain experience with z/OS by viewing and allocating data sets, submitting a batch job, and viewing job output. Learn how to use basic RACF command parameters and panels to define users and groups, protect general resources and z/OS data sets, and choose a basic set of RACF options.

Course Materials

The course materials cover z/OS Security Server RACF.

Hands-On Labs

Nine labs are included to address logging on to the z/OS system, working with z/OS data sets, submitting batch jobs to z/OS, using System Display and Search Facility (SDSF) to view jobs in the system, defining a RACF group structure, RACF user administration, delegating security administration, protecting z/OS data sets, and using RACF for TSO administration.

Hands-on lab projects may be done in teams depending on the number of attendees and location.


This is a basic course for individuals who are new to z/OS and the z/OS Security Server RACF and who administer security using the RACF element of the z/OS Security Server.

Experienced z/OS users should take:

  • Effective RACF Administration (BE87)


Some familiarity with z/OS system facilities is beneficial. Background material needed to proceed is presented on the first day.

Learning Objectives

  • Understand the basic features and concepts of zSeries architecture and of the z/OS operating system as they relate to security administration
  • Describe the allocation process for data sets in the z/OS environment
  • Understand how programs access data sets and how RACF security interacts in that process
  • Identify the security requirements of a z/OS system
  • Use basic facilities and features of RACF
  • Define new users and groups to RACF
  • Use RACF to protect z/OS data sets and general resources
  • Select a base set of options to tailor RACF

1. Review of z/Architecture and z/OS

  • Describe z/Architecture
  • Provide an overview of z/OS and its components
  • Explain the concept of virtual storage and its exploitation in z/OS
  • List the different kinds of data sets and discuss their management in z/OS
  • Name the main end-user interfaces of z/OS

2. An Introduction to ISPF and ISPF/PDF

  • Name and describe the components of ISPF
  • Log on to the lab system of this class
  • Log off from the lab system of this class
  • Start ISPF/PDF
  • Provide an overview of the structure of ISPF/PDF panels
  • Alter the ISPF/PDF settings
  • Use ISPF/PDF to view a data set

3. An Introduction to Data Sets

  • Describe data management concepts
  • Explain the data set allocation process
  • Describe the catalog structure
  • Explain how data sets are defined and used
  • Allocate a new data set
  • Edit a data set using ISPF/PDF
  • Delete a data set
  • Use ISPF/PDF data set list

4. Batch Processing

  • Name and explain the Job Entry Subsystem 2 (JES2) job processing phases
  • Describe the general layout of a job
  • List and describe the components of a Job Control Language (JCL) statement
  • Submit a batch job to z/OS
  • Use ISPF 3.8 and SDSF to handle the job output

5. Security and RACF Overview

  • Explain the role RACF plays in data security
  • List the four major functions of RACF
  • Explain how RACF allows or denies a user access to a resource, given a diagram of RACF's resource authorization checking process
  • Define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
  • Describe the role of the security administrator and the auditor
  • Explain the features of RRSF

6. Administering Groups and Users

  • Describe the group structure in RACF
  • Create a group structure by defining appropriate RACF group profiles
  • Define new users to RACF
  • Implement a centralized or decentralized administrative structure

7. Protecting z/OS Data Sets

  • State the differences between generic and discrete data set profiles
  • Explain the process RACF uses to grant or deny user access to a data set
  • Use the RACF commands or panels to define data set profiles

8. Introduction to General Resources

  • Describe the concepts of general resources
  • Add a Time Sharing Option (TSO) user to RACF
  • Add a UNIX System Services user to RACF
  • Set up a user help desk function

10. RACF Options

  • Understand the impact that RACF options have on an installation
  • Identify those options that require special planning before activation
  • Identify a basic set of options appropriate for an installation

11. Other Administrative Facilities and Features

  • Describe the use of the global access table
  • Describe the purpose of the started procedure table
  • Define a protected user
  • Explain the use of the restricted user attribute
  • Use the RACF database unload utility to document your RACF system
  • Describe how to map a digital certificate to a RACF userid