Close X

SAFTRACE demystified


The RACF SAFTRACE facility allows you to record every invocation of and return the System Authorization Facility (SAF) that goes to RACF. SAFTRACE allows you to select which jobs, user IDs have their RACROUTE, SAF Callable Services, and RACF Database operations (ICHEINTY) recorded. It’s a very powerful way to see exactly what requests are being made of RACF and how RACF has responded.

This session describes how to set up SAF trace and how to process its results.


Stream: Enterprise Security
Room: Melbourne
Time: 15:15 - 16:15


  • Mark Nelson at IBM USA
  • Mark Nelson, CISSP®, CSSLP® is a Senior Software Engineer with IBM's z/OS® Security Server Design and Development Team in Poughkeepsie NY, where he has spent the past 32 years working on RACF®. Mark's focus with RACF has been on auditing and data analysis (IRRDBU00, IRRADU00, RACFICE), RACF's Health Checks, RACF/DB2, and RACF's support for digital certificates.

    Mark is an active speaker on RACF, having spoken to user groups and IBM field representatives on four continents, and has received several SHARE "Best Session" awards, six-and-a-half "Top Gun/Best Session" awards from the Vanguard Enterprise Security Expo, three GSE "Best Vendor Session" awards, and was the 1999 recipient of the Vanguard "Chairman's Award".

    Mark is a co-author of the book "Mainframe Security for Security Experts: A Introduction to RACF", has helped write several Redbooks, and has published articles in NaSPA's Technical Support, z/Journal, and IBM's Hot Topics. Mark is the director of the Mid-Hudson Valley IBM Club Chorus and a private pilot. Mark is also a world record holder in the "Hokey Pokey".



    Click here to give some Feedback so we can make it even better next year!