Resource Access Control Facility

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

RACF, [usually pronounced Rack-Eff] short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976.[1]

Its main features are:[1]

  • Identification and verification of a user via user id and password check (authentication)
  • Identification, classification and protection of system resources
  • Maintenance of access rights to the protected resources (authorization)
  • Controlling the means of access to protected resources
  • Logging of accesses to a protected system and protected resources (auditing)

RACF establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time .[citation needed]

RACF has continuously evolved[2] to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries (now z Systems) hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).

Its primary competitors have been ACF2 and TopSecret, both now produced by CA Technologies.[3]


  1. ^ a b "IBM RACF". Retrieved August 17, 2012.
  2. ^ "IBM RACF - The History of RACF". Retrieved August 17, 2012.
  3. ^ Jeffrey Yost, "The Origin and Early History of the Computer Security Software Products Industry," IEEE Annals of the History of Computing 37 no. 2 (2015): 46-58 doi

External links[edit]