RACF History

• September 1976, Version 1 Release 1
  • User identification/verification
  • Data set authorization checking
  • Journaling
  • UT100, UT200, BLKUPD
    
• July 1977, Version 1 Release 2
  • TAPE and DASD Volume protection
  • Dynamic control of RACF options (SETROPTS)
  • In-storage index blocks
    
• July 1978, Version 1 Release 3
  • General resources
  • In-storage profiles
  • Report Writer (9/80)
    
• November 1981, Version 1 Release 4
  • Password processing support
  • List-of-groups
  • RACF data manager interface (ICHEINTY)
    
• September 1983, Version 1 Release 5
  • Generic profiles
  • Global Access Check table
  • SAF interface (RACROUTE)
  • First commercial security product evaluated by the NCSC (July, 1984, C1 level of trust)
    
• March 1984, Version 1 Release 6
  • Data Security Monitor (June, 1984)
  • Panel interface (ISPF)
  • DES password encryption option
    
• December 1985, Version 1 Release 7
  • Tape data set support
  • Program control
  • Program access to data sets
  • CICS support
  • DASD erase-on-scratch
  • Security levels and categories
  • User/terminal time-of-day and day-of-week control
  • Placed on the EPL at a C2 level of trust (June, 1988, C2 level of trust)
    
• September 1984, RACF/VM PRPQ
  • Based on RACF 1.6
    
• December 1985, RACF/VM PRPQ based on RACF/MVS 1.7
  
• December 1986, Version 1 Release 7.1 (VM)
  • Replaces RACF/VM PRPQ
  • Improved installability
  • Documentation re-write
    
• December 1987, Version 1 Release 8 (MVS)
  • SYS1.UADS in RACF DB
  • RVARY DB allocate/deallocate
    
• March 1988, Version 1 Release 8 (VM)
  • DSMON for VM
  • Dual registration
    
• December 1988, Version 1 Release 8.1 (MVS)
  • DFSMS support
  • EXECUTE only for private libraries
  • Dump controls
    
• December 1988, Version 1 Release 8.2 (VM)
  • Enhanced VM event auditing
  • Limited function RACROUTE
  • Placed on the EPL by the NCSC at a C2 level of trust
    
• September 1990, Version 1 Release 9
  • Support for mandatory access control policies
  • MVS: OPERCMD support
  • JES: SYSOUT, JOBNAME control
  • SDSF: Control of SDSF functions, commands, and fields
  • CICS: Operator support
  • Full function VM RACROUTE
  • Placed on the EPL by the NCSC at a B1 level of trust (MVS)
  • Tailorable command interface (VM)
  • RACF DB Unload (MVS: January 1992, VM: June, 1992)
    
• September 1992, Version 1 Release 9.2 (MVS)
  • Performance enhancements
  • APPC/MVS support
  • LU6.2 persistent verification support
  • RACF address space
  • Expanded number of general resource classes
  • DSMON support for dynamic APF-list
    
• September 1992, Version 1 Release 9.2 (VM)
  • Security label support
  • Multiple RACF service machines
  • Enhanced auditing
  • Expanded number of general resource classes
  • Enhanced DIAG X'A0' privilege checking and auditing
    
• June 1994, Version 2 Release 1
  • Sysplex data sharing
  • OpenEdition MVS support
  • Secured Signon
  • SMF Data Unload
  • Dynamic started procedures table
  • Enhanced RACROUTE=LIST
  • Enhanced CICS timeout
  • Publications on CD-ROM
  • DES as password default
    
• September 1995, Version 2 Release 2
  • RACF Remote Sharing Facility
    • Password synchronization
    • Remote administration
    • Database synchronization
  • More OpenEdition support for MVS
  • NETVIEW support
  • 1024 POSIT support
  • Remove ID Utility
    
• March 1996, OS/390 Release 1 Security Server
  • Same function as RACF 2.2
    
• April 1996, Version 1 Release 10 for VM
  • OpenEdition for VM/ESA support
    • Providing the capability to register OpenEdition for VM/ESA users and groups in the RACF database.
    • Offering security for files and directories residing in the OpenEdition byte file system.
  • Shared file system (SFS) support enabling RACF file level protection for files and directories residing in the VM/ESA shared file system.
  • Simplified product installation and service through VMSES/E support.
  • SMF data unload allowing advanced analysis of audited events using the relational data manager of your choice.
    
• September 1996, OS/390 Release 2 Security Server
  • Same function as RACF 2.2
    
• March 1997, OS/390 Release 3 Security Server
  • Automatic direction of application updates
  • Target command enhancements
  • Exit for RACF commands
  • Prevent the automatic addition of user ID to access list
  • Enhanced support for SOMobjects for MVS
  • Enhanced administration for DCE to RACF identity mapping
  • TCOMMAND administration from RACF commands
  • OpenEdition performance enhancements
  • Eliminate the requirement for a VOLSER on PROGRAM profiles
  • Control of programs by SMF system ID
    
• September 1997, OS/390 Release 4 Security Server
  • RACF control of DB2 objects
  • Mapping of public-key certificates to RACF user IDs
    
• September1998, OS/390 Release 6 Security Server
  • Auto-registration of certificates (with APAR OW31933)
  • Labels for digital certificates
  • Support for Network-Qualified VTAM names
    
• September 1999, OS/390 Release 8 Security Server
  • Certificate support for OS/390-based servers
    • Creation of certificates, including certificate authority and site certificates
    • Creation, modification, and deletion of key rings
    • Importation and exportation of certificates
    • Generation of certificate requests
    • Alteration of the label of a certificate
  • UNIX System Services superuser Granularity
  • UNIX System Services user limits
  • PROTECTED user IDs
  • Support for DB2 Version 6
  • RACFICE reporting tool for IRRADU00 and IRRDBU00
  • r_admin callable service enhanced to retrieve and set  RACF SETROPTS options
    
    
• September 2000, OS/390 Release 10 Security Server
  • Certificate name filtering
  • Support for the Network Authentication Service
  • Enhancements to program control
  • Application Identity Mapping
  • Enhanced PassTickets
  • Public key certificate enhancements
  • Enhanced superuser granularity
    
• March 2001, z/OS Release 1 Security Server
  • Same RACF function as the OS/390 Release 10 Security Server
    
• September 2001, z/OS Release 2 Security Server
  • UNIVERSAL groups
  • Mixed-case profile names
  • SAFTRACE
  • Support for Enterprise Java Beans
  • Support for DB2 Version 7
  • Enhanced Network Authentication Support
    
• March 2002, z/OS Release 3 Security Server
  • Access control lists (ACLs) for z/OS UNIX System Services
  • Support for the new PKI Services component of the z/OS Security Server
  • Policy Director Authentication Services
    
• September 2002, z/OS Release 4 Security Server
  • Support for Enterprise Identity Mapping (EIM) services
  • Enhanced PKI Services support
  • Automatic assignment of UIDs and GIDs
  • SEARCH command support for searching by UID and GID
  • Enhanced program access to data set (PADS) support
    
• September 2003, z/OS Release 5 Security Server
  • Dynamic RACF database templates
  • Multilevel secuirty
  • RACF support for DB2 Version 8
    
• September 2004, z/OS Release 6 Security Server
  • Dynamic RACF class descriptor table
  • Common Criteria evaluation
  • Password enveloping and LDAP change log support
  • Enhancements to multilevel security auditing
    
• September 2005, z/OS Release 7 Security Server
  • Mixed case passwords
  • Detect or prevent password recycling
  • Keeping the revocation date when resuming users
  • Improved SETR INACTIVE processing for new users
  • Automatic RVARY SWITCH for certain hardware DASD errors
  • r_admin enhancements for extracting information about users and groups
  • Nested ACEEs
  • PassTicket enhancements
  • XML output for the SMF Data Unload Utility (IRRADU00)
  • RACF support for the IBM Health Checker for z/OS
    
• September 2006, z/OS Release 8 Security Server
  • Password phrases from 14 to 100 characters in length
  • Virtual key rings
  • Enhancements to the RACF_SENSITIVE_RESOURCES check and new RACF checks
  • CRITERIA support for DB2 Version 9 for z/OS
  • IRRUT200 and IRRUT400 enhancements
  • Group Change Logging
  • Remote Authorization and Audit (EIM)
  • Enhancements to PKI Services
    
• September 2007, z/OS Release 9 Security Server
  • Password phrases from 9 to 13 characters in length
  • Kerberos AES support
  • Java RACF User and Group administration interface
  • Writable SAF Key ring support
  • A reaffirmation of the z/OS Statement of Integrity

• September 2008, z/OS Release 10 Security Server
  • Password phrase exploitation
    • TSO/E
    • UNIX rlogin, su, and password commands
    • z/OS Kerberos
    • LDAP SDBM backend
    • OpenSSH
  • More granularity on password reset
  • Custom fields for user and group profiles
  • New RACF Health Checks:
    • Installation-defined resources
    • ICHAUTAB
  • RACDCERT creation of 4096-it RSA keys in software
  • PKI Services: Added DN attribute types and additional UTF-8 support  
    
• September 2009, z/OS Release 11 Security Server
  • Program object signature verification
  • Logon statistics suppression
  • Identity propagation
  • R_admin extract support for general resources
  • LDAP change logging for general resources
  • Automatic creation of OMVS segments for users and groups
  • RACROUTE REQUEST=FASTAUTH honors the TRUSTED and PRIVILEGED attributes
  • Profile name in authorization exits
  • IRRADU00 support for WAS and TKLM
  • RACDCERT multi-byte character improvements
• 
  
• September 2010, z/OS Release 12 Security Server
  • Generic profile load performance improvements
  • "Ghost" generic profile aviodance
  • SAFTRACE filtering enhancements
  • Caller's PSW in ACEE
    
• September 2011, z/OS Release 13 Security Server
  • RACF Remote Sharing Facility (RRSF) over TCP/IP
  • Identity propagation extensions
  • RACDCERT support for elliptic curve cryptography
  • New RACF Health Checks: RACF_AIM_STAGE, RACF_UNIX_ID, ZOSMIGV2R1_UNIX_ID

This page was last updated June, 2012.