Overview of SAF usage in IRMICMD

SAF is part of z/OS and provides the interface to your security product (such as RACF, CA-ACF2, or CA-Top Secret).

SAF tracks z/OS resources and uses security rules to determine who can access these resources and the type of access that they are assigned (such as READ or UPDATE access). A system security administrator typically is the person who manages SAF resource definitions that control access in the environment.

During initialization, IRMICMD issues calls to SAF to determine whether a user has the authority to issue all commands that are specified in the IRMICMD control statements. If SAF indicates that the user does not have authority to issue every command, IRMICMD issues message BMC76871E for each unauthorized command and the job step is terminated without issuing any commands.


Because IRMICMD resources are commands, the type of access that is defined for a user does not matter as long as the access is not NONE. An access type of READ (or any higher level) indicates that the user has the authority to issue the command.

Was this page helpful? Yes No Submitting... Thank you