RACFSYNC

The RACFSYNC system initialization parameter specifies whether CICS® listens for type 71 ENF events.

RACFSYNC={YES|NO}

RACF® sends a type 71 ENF signal to listeners when a CONNECT, REMOVE, or REVOKE command changes a user's resource authorization. In addition, with RACF APAR OA58677 and SAF APAR OA58678, RACF sends a type 71 ENF signal to listeners when a user ID is revoked automatically as a result of too many failed password attempts.

When CICS receives a type 71 ENF event for a user ID, all cached user tokens for the user ID are invalidated, irrespective of the setting of the USRDELAY parameter. Subsequent requests from that user ID force a full RACF RACROUTE VERIFY request, which results in a refresh of the user's authorization level. CICS will also make DB2® threads for the associated userid issue a full signon when they are next reused. User tokens for tasks that are currently running are not affected.

Note: Specify the RACFSYNC=NO parameter only under direction from IBM® Service.

YES: CICS listens for type 71 ENF events.
NO: CICS does not listen for type 71 ENF events.

Note: In the configuration where type 71 signals are issued for large numbers of users simultaneously, combined with large numbers of connections to DB2, the temporary performance overhead might be significant when the full signon processing across all affected DB2 threads is completed. To reduce the impact of type 71 ENF processing, it is recommended that updates to large numbers of RACF users be made during off-peak periods.

Restrictions: You can specify the RACFSYNC parameter only in the system initialization table (SIT), the PARM parameter of the EXEC PGM=DFHSIP statement, or the SYSIN data set.