RACF Administration and Auditing

4 Day Course
Hands On
Official IBM Curriculum

Book Now - 1 Delivery Method Available:

Classroom Virtual Classroom Private Group - Virtual Self-Paced Online


It introduces the concepts, terminology, commands, and procedures involved in administering and auditing RACF. All major aspects of day-to-day RACF administration and auditing are covered.

This course is suitable for RACF Administrators and Auditors, Systems Programmers and any other technicians requiring a knowledge of RACF administration principles and practices.

On successful completion of this course, attendees will be able to:

  • Explain the need for security in business information systems
  • Describe how RACF meets business information systems security needs
  • Design a group structure to meet their installation’s requirements
  • Explain & use RACF commands
  • Describe the effect of the various group profile related parameters
  • Explain the management and use of the various non-RACF segments in user profiles
  • Connect users to groups and manage the assigned group authorities
  • Use the dataset related commands to manage both discrete and generic profiles
  • Manage general resources
  • Use and explain the operation of the setropts management commands Use and interpret the output of the Data Security Monitor
  • Use the database unload utility, cross reference utility, remove id utility, database verification utility,
  • Database split/merge/extend utility, and the database block update utility.

Training Partners

We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.


Hide all

Introduction (1 topic)

  • What is RACF?; Why do we need Security?; Security in the Old Days; Security These Days; What security do we need?; Where are the dangers?; How can RACF help?; RACF Profiles; How RACF operates; The RACF Database; Resource Classes.

The RACF Manuals (1 topic)

  • The Manual Library; RACF Security Administrators Guide; RACF Command Language Reference; BookManager.

Planning for security (1 topic)

  • The Security Policy; Resource Ownership; How to protect Resources?; Grouping Resources and Users; Document the Plan.

Group structure (1 topic)

  • What are Groups?; Why have Groups?; Users and Groups; The Initial Group Structure; The Group Hierarchy; System Special and Group Special; Group Profile Ownership; Group Connections.

The RACF commands (1 topic)

  • Entering RACF Commands; RACF Commands and the Manuals; Entering RACF Commands in Batch; Online Help.

Defining RACF Groups (1 topic)

  • Group Profile Commands; Basic ADDGROUP; Specifying the Superior Group & Owner; Dataset Profile Modeling; RACF Remote Sharing Parameters; Other ADDGROUP Parameters; Non-RACF Segments - DFP, OMVS and OVM; Non-RACF Segments - TME; Full ADDGROUP Syntax; Full ALTGROUP Syntax; Full LISTGRP Syntax; LISTGRP Output; Full DELGROUP Syntax; Group Command Authority.

Defining Users (1 topic)

  • User Profile Commands; Basic ADDUSER; Specifying the Default Group; Group Authority; Class Authority; Group Access Authority; RACF Remote Sharing Parameters; Dataset Profile Modeling; RACF Authorities; RACF Attributes; Security Levels and Security Categories; Security Level Checking; Security Category Checking; Security Labels; Other ADDUSER Parameters; Non-RACF Segments (CICS); Non-RACF Segments (DCE); Non-RACF Segments (DFP, LANGUAGE); Non-RACF Segments (KERB, LNOTES, NDS); Non-RACF Segments (NETVIEW); Non-RACF Segments (USS, zVM); Non-RACF Segments (OPERPARM); Non-RACF Segments (TSO); Non-RACF Segments (WORKATTR); Full ADDUSER Syntax; Basic ALTUSER; ALTUSER Only Parameters; Full ALTUSER Syntax; Full LISTUSER Syntax; LISTUSER Output; Full DELUSER Syntax; User Command Authority; Basic PASSWORD; Changing Other Users Passwords; Full Syntax of PASSWORD; Password Command Authority.

Connecting Users to Groups (1 topic)

  • Connect and Remove Commands; Basic CONNECT; Full CONNECT Syntax; Basic REMOVE; Full REMOVE Syntax; Connect/Remove Command Authority.

Dataset profiles (1 topic)

  • Dataset Profile Commands; Basic ADDSD; Discrete Dataset Profiles; Discrete Profile Parameters; Generic Dataset Profiles; Generic Wildcard Characters - %; Generic Wildcard Characters - *; Generic Wildcard Characters - **; Specifying Dataset Attributes; Access Levels; Auditing Access Attempts; Profile Copying; RACF Remote Sharing Parameters; Security Level & Category Checking; Other Profile Attributes; Non-RACF Segments - DFP; Non-RACF Segments - TME; Full ADDSD Syntax; Basic ALTDSD; ALTDSD Only Parameters; Full ALTDSD Syntax; Basic LISTDSD; Listing Many Dataset Profiles; Listing Generic or Discrete Profiles; Specifying What To List; Full LISTDSD Syntax; LISTDSD Output; Full DELDSD Syntax; Dataset Command Authority; Basic PERMIT; Conditional Access Lists; Permitting Many Users Access; Removing Users and Groups; Deleting Access Lists; Full PERMIT Syntax; PERMIT Command Authority.

General Resource profiles (1 topic)

  • General Resource Profile Commands; Basic RDEFINE; Common RDEFINE Parameters; Adding Additional Profile Information; Non-RACF Segment - TME; When the Class is DLFCLASS; When the Class is APPCLU; When the Class is REALM; When the Class is PTKTDATA; When the Class is ROLE; When the Class is STARTED; When the Class is SYSMVIEW; When the Class is TAPEVOL; When the Class is TERMINAL; Full RDEFINE Syntax; Resource Grouping Classes; Protecting CICS Transactions; Protecting Load Modules; Protecting SDSF; Basic RALTER; RALTER Only Parameters; Full RALTER Syntax; Basic RLIST; Common RLIST Parameters; Listing Non-RACF Segments; Special RLIST Features; Full RLIST Syntax; RLIST Output; Full RDELETE Syntax; Remember PERMIT?; General Resource Command Authority.

Special RACF features (1 topic)

  • SEARCH command and control parameters.

The SETROPTS command (1 topic)

  • Basic SETROPTS; Dataset Related Parameters; General Parameters; In-Storage Profile Parameters; B1 Security Parameters; JES Parameters; Userid & Password Parameters; Auditor Parameters; SETROPTS LIST Examples; SETROPTS Command Authority.

Auditing RACF (1 topic)

  • RACF Auditing; RACF Report Writer; Basic RACFRW Commands; Full RACFRW Syntax; Full SELECT Syntax; Basic EVENT Command; Full EVENT Syntax; Full LIST Syntax; RACFRW Output Example; Full SUMMARY Syntax; RACF SMF Data Unload Utility; SMF Unload Utility JCL; Using the Unloaded RACF SMF Data; Processing the RACF SMF Data with DB2; Standard DB2 Tables; Data Security Monitor; System & Group Tree Reports; Pgm Properties & Auth Caller Table Reports; Class Descriptor Table & RACF Exits Report; Global Access Table Report; Started Procedures Table Report; Selected User Attribute Reports; Selected Data Sets Report.

RACF utility programs (1 topic)

  • Database Unload Utility; Database Cross Reference Utility; Database Cross Reference Utility Output; RACF Remove ID Utility; Database Verification Utility; Database Verification Utility Output; Database Split/Merge/Extend Utility; Database Block-Update Utility Command.


Attendees should have a clear understanding of zOS at a conceptual level and also have a basic understanding of RACF that can be gained by attending the RSM course Understanding RACF. A working knowledge of TSO/ISPF and JCL is also required.

Course PDF


Share this Course


Recommend this Course