https://mainframegeek.wordpress.

com/2011/04/25/mainframe-projects/
How can find out which RACF-ID is using the tables for the thier particular purp
ose?
When we got the error like this:
SQL0913N Unsuccessful execution caused by deadlock or timeout. Reason code "00C9
008E ".
Is it possible to send message via mainframes from one RACF ID to other?
If so what is the ISPF command for it?
By RACF ID do you mean the user-id used to log on?
Are you familiar with the "SEND" command in TSO? It allows you to send a text me
ssage to a TSO user - here's an example:
SEND ?SOME TEST? USER(theuserid) LOGON
The LOGON at the end says to send the message "now" if the specified user is log
ged on otherwise show the message when the userid does log on.
If i recall correctly, you can send the same message to multiple users using
Code:
SEND ?SOME TEXT? USER(uid1, uid2, uidn) LOGON
Also, if you include an asterisk '*' for the uid, the message will be sent to yo
u. If you don't specify a user, i believe the text will be sent to the system op
erator console - not acceptable at many sites.
Give the multiple id SEND a try and let me know if it works for you.
Keep in mind that from the command screen (=6) you can type SEND. From other com
mand lines, you'll need to key TSO SEND. The =6 screen also has more room to typ
e.
Re: RACF User ID Management Question
Postby steve-myers Wed Oct 27, 2010 6:39 am
Once a userid has been deleted it's completely gone. RACF has no way to remember
the userid. Rather than delete userids, most sites REVOKE the IDs of the dearly
departed (or possibly the not so dearly departed). This way the data sets and R
ACF access profiles related to the users do not also have to be deleted.
Resource Access Control Facility or RACF provides the tools to manage user acces
s to critical resources. RACF is an add-on software product that provides basic
security for a mainframe system (examples of other security software packages in
clude ACF2 and Top Secret, both from Computer Associates).
RACF protects resources by granting access only to authorized users of the prote
cted resources. RACF retains information about users, resources, and access auth
orities in special structures called profiles in its database, and it refers to
these profiles when deciding which users should be permitted access to protected
system resources.
To help your installation accomplish access control, RACF provides the ability t
o:
Identify and authenticate users
Authorize users to access protected resources

Log and report various attempts of unauthorized access to protected resource

s
Control the means of access to resources
Allow applications to use the RACF macros
RACF uses a user ID and a system-encrypted password to perform its user identifi
cation and verification. The user ID identifies the person to the system as a RA
CF user. The password verifies the user's identity. Often exits are used to enfo
rce a password policy such as a minimum length, lack of repeating characters or
adjacent keyboard letters, and also the use of numerics as well as letters. Popu
lar words such as "password" or the use of the user ID are often banned.
The other important policy is the frequency of password change. If a user ID has
not been used for a long time, it may be revoked and special action is needed t
o use it again. When someone leaves a company, there should be a special procedu
re that ensures that the user IDs are deleted from the system.
RACF, with its lists of users and lists of resources, allows management to deleg
ate the authority to the owners of these entities in such a way as to maintain t
he separation of duties while maintaining a flexible, responsive access control
strategy.
The delegation mechanism in RACF and the easy, nontechnical commands that change
the relationship of a user to a resource mean that adopting the principle of le
ast possible privilege need not be burdensome nor inflexible when unusual circum
stances dictate that access permission should be changed. When an unforeseen cir
cumstance requires a change in access privilege, the change can be made by a non
technical person with access to a TSO terminal, and management can be alerted to
review the fact that the change was made.
Major subsystems such as CICS and DB2 can use the facilities of RACF to protect tr
ansactions and files. Much of the work to configure RACF profiles for these subs
ystems is done by the CICS and DB2 system programmers. So, there is a need for p
eople in these roles to have a useful understanding of RACF and how it relates t
o the software they manage.