Resource Access Control Facility

RACF, short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.

It fulfills the main features:

  • Identification and verification of a user via user id and password check (authentication)
  • Identification, classification and protection of system resources
  • Maintenance of access rights to protected resources (authorization)
  • Control the means of access to protected resources
  • Logging of accesses to a protected system and protected resources (auditing)

RACF establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.

RACF has continuously evolved to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

Its primary competitors have been ACF2 and TopSecret, both now produced by CA, Inc.

Famous quotes containing the words resource, access, control and/or facility:

    Your kind doesn’t just kill men. You murder their spirits, you strangle their last breath of hope and freedom, so that you, the chosen few, can rule your slaves in ease and luxury. You’re a sadist just like the others, Heiser, with no resource but violence and no feeling but fear, the kind you’re feeling now. You’re drowning, Heiser, drowning in the ocean of blood around this barren little island you call the New Order.
    Curtis Siodmak (1902–1988)

    A girl must allow others to share the responsibility for care, thus enabling others to care for her. She must learn how to care in ways appropriate to her age, her desires, and her needs; she then acts with authenticity. She must be allowed the freedom not to care; she then has access to a wide range of feelings and is able to care more fully.
    Jeanne Elium (20th century)

    For the mother who has opted to stay home, the question remains: Having perfected her role as a caretaker, can she abdicate control to less practiced individuals? Having put all her identity eggs in one basket, can she hand over the basket freely? Having put aside her own ambitions, can she resist imposing them on her children? And having set one example, can she teach another?
    Melinda M. Marshall (20th century)

    In progress of time, when my mind was, as it were, strongly impregnated with the Johnsonian æther, I could, with much more facility and exactness, carry in my memory and commit to paper the exuberant variety of his wit and wisdom.
    James Boswell (1740–1795)