Glossary
A
access. The ability to obtain the use of a protected
resource.
access authority. An authority related to a request for
a type of access to protected resources. In RACF, the
access authorities are NONE, EXECUTE, READ,
UPDATE, CONTROL, and ALTER.
accessor environment element (ACEE). A
description of the current user, including user ID,
current connect group, user attributes, and group
authorities. An ACEE is constructed during user
identification and verification.
ACEE. See
accessor environment element
.
appropriate privileges. In the OpenEdition MVS
implementation, superuser authority. A trusted or
privileged attribute is an attribute associated with a
started procedure address space and with any process
associated with the address space.
AUDIT request. The issuing of the RACROUTE macro
with REQUEST=AUDIT specified. An AUDIT request is
a general-purpose security-audit request that can be
used to audit a specified resource name and action.
AUTH request. The issuing of the RACROUTE macro
with REQUEST=AUTH specified. The primary function
of an AUTH request is to check a user's authorization to
a RACF-protected resource or function. The AUTH
request replaces the RACHECK function. See also
authorization checking
.
authority. The right to access objects, resources, or
functions. See
access authority, class authority,
and
group authority
.
authorization checking. The action of determining
whether a user is permitted access to a protected
resource. RACF performs authorization checking as a
result of a RACROUTE REQUEST=AUTH or
RACROUTE REQUEST=FASTAUTH.
automatic command direction. An extension of
command direction that causes RACF to automatically
direct certain commands to one or more remote nodes
after running the commands on the issuing node.
Commands can be automatically directed based on who
issued the command, the command name, or the profile
class related to the command. Profiles in the
RRSFDATA class control to which nodes commands
are automatically directed. See also
automatic
password direction
,
automatic command direction
,
automatic direction of application updates
, and
command direction
.
automatic direction. An RRSF function that
automatically directs commands, ICHEINTY and
RACROUTE macros, and password-related updates to
one or more remote systems. See also
automatic
command direction
,
automatic password direction
, and
automatic direction of application updates
.
automatic direction of application updates. An
RRSF function that automatically directs ICHEINTY and
RACROUTE macros that update the RACF database to
one or more remote systems. Profiles in the
RRSFDATA class control which macros are
automatically directed, and to which nodes. See also
automatic direction
,
automatic command direction
, and
automatic password direction
.
automatic password direction. An extension of
password synchronization and automatic command
direction that causes RACF to automatically change the
password for a user ID on one or more remote nodes
after the password for that user ID is changed on the
local node. Profiles in the RRSFDATA class control for
which users and nodes passwords are automatically
directed. See also
password synchronization, automatic
command direction, automatic direction of application
updates, and automatic direction.
C
cache structure. A coupling facility structure that
contains data accessed by systems in a sysplex. MVS
provides a way for multiple systems to determine the
validity of copies of the cache structure data in their
local storage.
callable service. In OpenEdition MVS, a request by
an active process for a service. Synonymous with
syscall
,
system call
.
CDT. See
class descriptor table
.
class. A collection of RACF-defined entities (users,
groups, and resources) with similar characteristics. The
class names are USER, GROUP, DATASET, and the
classes that are defined in the class descriptor table.
class authority (CLAUTH). An authority enabling a
user to define RACF profiles in a class defined in the
class descriptor table. A user can have class authorities
to one or more classes.
class descriptor table (CDT). A table consisting of an
entry for each class except the USER, GROUP, and
Copyright IBM Corp. 1994, 1997 39