Resource Access Control Facility

RACF, short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.

It fulfills the main features:

  • Identification and verification of a user via user id and password check (authentication)
  • Identification, classification and protection of system resources
  • Maintenance of access rights to protected resources (authorization)
  • Control the means of access to protected resources
  • Logging of accesses to a protected system and protected resources (auditing)

RACF establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.

RACF has continuously evolved to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

Its primary competitors have been ACF2 and TopSecret, both now produced by CA, Inc.

Famous quotes containing the words resource, access, control and/or facility:

    In a world which furnishes so many employments which are useful, and so many which are amusing, it is our own fault if we ever know what ennui [boredom] is, or if we are ever driven to the miserable resource of gaming, which corrupts our dispositions, and teaches us a habit of hostility against all mankind.
    Thomas Jefferson (1743–1826)

    Lesbian existence comprises both the breaking of a taboo and the rejection of a compulsory way of life. It is also a direct or indirect attack on the male right of access to women.
    Adrienne Rich (b. 1929)

    We human beings do have some genuine freedom of choice and therefore some effective control over our own destinies. I am not a determinist. But I also believe that the decisive choice is seldom the latest choice in the series. More often than not, it will turn out to be some choice made relatively far back in the past.
    —A.J. (Arnold Joseph)

    Learning has been as great a Loser by being shut up in Colleges and Cells, and secluded from the World and good Company. By that Means, every Thing of what we call Belles Lettres became totally barbarous, being cultivated by Men without any Taste of Life or Manners, and without that Liberty and Facility of Thought and Expression, which can only be acquir’d by Conversation.
    David Hume (1711–1776)