IBM RACF for zOS 3x0 Mainframe Systems

Post date: Jul 27, 2011 8:12:30 PM

This is the URL for the IBM RACF Admin guide: http://publib.boulder.ibm.com/infocenter/zos/v1r12/topic/com.ibm.zos.r12.icha700/toc.htm. To be precise, it is the z/OS V1R12.0 Security Server RACF Security Administrator's Guide, SA22-7683-14.

RACF is the Resource Access Control Facility. It is part of the IBM z/OS Security Server. IBM System z/OS is usually synonymous with mainframe computers. There was a System 360 (Sierra?) in days long past. IBM now offers the System 390. The User's Guide for RACF is accessible, free of charge. IBM offers many product manuals free of charge, especially for well-established, 40-year-old product lines.

Here is IBM's own answer to the question "What is RACF?":

Resource Access Control Facility (RACF®) is a security program. It is a component of the Security Server for z/OS®. RACF controls what you can do on the z/OS operating system. You can use RACF to protect your resources. RACF protects information and other resources by controlling the access to those resources. RACF provides security by:

  • Identifying and verifying users

  • Authorizing users to access protected resources

  • Recording and reporting access attempts

A question about IBM System Z mainframes and RACF

I wrote a brief IBM mainframe "tribute" post on my own TypePad weblog, Reconsider the mainframe (July 2011), about Hercules, an open source z/OS emulation program that facilitates applications development on modern mainframes. Around the same time, I left my RACF question as a comment on the official IBM Mainframe weblog on TypePad, but as yet I have not received an answer.

My question

"I've been following The Mainframe Blog for some time now (finally subscribed today). I worked at IBM GPD San Jose, modelling performance using queuing theory, for storage controllers and DASD. I was very happy at IBM, wish I were still with them, although GPD San Jose is no more. I've continued to use mainframes, VM/CMS for development more so in the past, MVS/TSO with SPF, JCL etc. in the present. Even tried Netezza once, after the IBM acquisition!

Recall RACF? Of course YOU do! Well, it is alive and well, with fastidious documentation available from IBM Colorado's pub website. I was reading the online RACF system admin user's guide last week, as the recent torrent of tacky hacky is increasingly worrisome. RACF was intended for z/OS. A UNIX version exists too.

I have a question, please: Would it, could it, be extensible to any of the shops whose data was recently compromised? Is RACF superior (nothing is impervious, I realize) to security solutions typically implemented by most enterprises today? Whatever that may be. Citrix Defender?

Any thoughts or suggestions about this would be greatly appreciated. I truly haven't known who else, or where, to ask, not without being ridiculed. Or receiving a dismissive answer that was uninformed. I'm not worried about ridicule, or ignorance, here on The Mainframe Blog."