RACF: Advanced Administration

This three-day, hands-on course is the natural follow-on to RSM's definitive RACF Administration & Auditing course for all RACF Administrators. It enables attendees to build on the knowledge and skills they have gained previously with further advanced skills and techniques.
In this course experienced RACF Administrators will learn how to handle the more technically challenging aspects of using RACF in today's z/OS environments.
The course is packed with challenging, practical, hands-on exercises that will reinforce what attendees learn during the classroom sessions.

This course is also available for exclusive, one-company presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

Virtual Classroom Environment dates - click to book!

28 June 2021 27 September 2021

What is a 'Virtual Classroom Environment'?


What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • describe and explain in detail the RACF architecture, its components and facilities
  • understand and use the SETROPTS and RVARY command to manipulate the RACF options and database
  • use Advanced General Resources classes
  • define users to use TSO
  • define the parameters needed to set up security for JES2 and SDSF
  • describe the facilities provided by RRSF
  • describe the B1 Security parameters including Security labels, levels and categories
  • list what facilities RACF provides for Digital Certificates.

Who Should Attend

The course is suitable for all Security Administrators & Systems Programmers.


Attendees should have a clear understanding of RACF at both the conceptual and practical level. All should have attended the course RACF Administration & Auditing.


3 days

Fee (per attendee)

£1600 (ex VAT)

Course Code



What is RACF?

Why do we need security?; What does security provide?; How does RACF work?; RACF profiles; RACF classes; Controlling access; RACF commands.

Defining TSO Users

TSO & RACF; The TSO segment of a user profile; TSO General Resource classes; TSO/E logon screen; TSO administration.

Advanced General Resources

The FACILITY Class in general; The HELPDESK function; Setting up the HELPDESK facility classes; Password Reset and List User with the Owner and Group functions; Password Enveloping; How does password enveloping work; Exceptions to Password enveloping; RACF Variables; Using the RACFVARS Class; Using RACF variables; FIELD Level access checking; Using the FIELD class; Delegating TSO Administration; Security for OMVS; Using the CFIELD class; What is a CUSTOM FIELD; RACF Command changes; Define a Custom Field; Activate a Custom Field; Putting data into a Custom Field; Authorisation for CSDATA; RACF Panel changes; RACF Profile segments; DASD volume operations; Access to DASD volumes; DASDVOL profiles; RACF security for TAPES; Tape volume protection; Tape data set protection;TAPEVOL, BLP; OPERCMDS class.


RACF & JES2; JES resources protected by RACF; Batch user identification; Userid propagation; Surrogate Job Control; JES Earlyverification; Started Task identification; SETROPTS options for JES; Network Job Entry (NJE); Remote Job Entry (RJE); z/OS security environment; Resource classes for JES security; Securing jobs with RACF; Job input processing; Job submission control; Job validation; JES job input sources; JESINPUT - controlling Port-Of-Entry device names; Job name control; TSO SUBMIT/CANCEL commands; SURROGAT class; Surrogate job submission; Job input processing: PROPCNTL & SECLABEL; Nodes class; NJE security; Controlling transmission to other nodes; Controlling receipt of jobs & sysout; Propagation through NJE; Translation between nodes; RJE/RJP signon & logon security; Controlling output destinations; Security overlays with PSF; Spool protection; JES dataset name format; JESPOOL class profiles; Controlling messages; Controlling data transmission; SDSF; SDSF authorised commands; SDSF line & implicit commands.

RACF Remote Sharing Facility

The RACF Remote Sharing Facility; RACF command direction; RACF password synchronisation; managed user associations; controlling RACLINK use; controlling password synchronisation; controlling the AT keyword; automatic RACF command direction; controlling automatic RACF command direction; combined RACF command direction; use of ONLYAT keyword; automatic password synchronisation; controlling automatic password synchronisation; password synchronisation by command; combined RACF command direction; defining RRSF nodes; the RACF subsystem & parameter library; APPC and TCP/IP connections.

Security Labels

Security classification; Multilevel security;Security labels; Security levels; Security categories; Dominance and equivalence.

RACF & Digital Certificates

Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Digital certificates and RACF; How RACF uses digital certificates; RACF classes & commands; RACF certification generation; RACDCERT command; Creating a certificate; Gencert examples; Key rings; Certification installation; RACDCERT ADD examples; Certification installation; Certificate management.


Basic SETROPTS; Dataset related parameters; General related parameters; InStorage Profile parameters, B1 Security parameters; JES parameters; Userid and Password parameters; AUDIT parameters; SETROPTS command authority; the RVARY command; RVARY Passwords; RACF FAILSOFT processing.

Q & A session

© RSM Technology 2021