IBM Mainframe Forum

Purpose

Use the SETROPTS command to set system-wide RACF options related to resource protection dynamically. Specifically, you can use SETROPTS to do the following:

* Gather and display RACF statistics
* Protect terminals
* Log RACF events
* Permit list-of-groups access checking
* Display options currently in effect
* Enable or disable the generic profile checking facility on a class-by-class basis
* Activate checking for previous passwords and password phrases
* Limit unsuccessful attempts to access the system using incorrect passwords and password phrases
* Control change intervals for passwords and password phrases
* Control mixed-case passwords
* Warn of password expiration
* Establish password syntax rules
* Activate auditing for access attempts by class
* Activate auditing for security labels
* Require that all work entering the system, including users logging on and batch jobs, have a security label assigned
* Enable or disable the global access checking facility
* Refresh in-storage profile lists and global access checking tables
* Set the password the operator must supply in order for RACF to complete an RVARY command that changes RACF status or changes the RACF databases
* Enable or disable the sharing, in common storage, of discrete and generic profiles for general resource classes
* Activate or deactivate auditing of access attempts to RACF-protected resources based on installation-defined security levels
* Control the automatic data set protection (ADSP) attribute for users
* Activate profile modeling for GDG, group, and user data sets
* Activate protection for data sets with single-level names
* Control logging of real data set names
* Control the job entry subsystem options
* Activate tape data set protection
* Control whether RACF is to allow users to create or access data sets that do not have RACF protection
* Activate and control the scope of erase-on-scratch processing
* Activate program control, which includes both access control to load modules and program access to data
* Prevent users from accessing uncataloged permanent data sets
* Establish a system-wide VTAM® session interval
* Set an installation-wide default for the RACF security retention period for tape data sets
* Activate enhanced generic naming for data sets and entries in the global access checking table
* Set installation defaults for primary and secondary national languages
* Activate auditing for APPC transactions
* Use the dynamic class descriptor table.