• racfGUI greatly simplifies basic RACF admin tasks, requiring no mainframe expertize or expert skills. It provides a return on investment based on improved speed, efficiency, productivity and accuracy, with commands being automatically replicated across LPARs. Browser-based, you can use the solution securely on any device, from anywhere.

  • Business Objective

    Designed to boost Help Desk productivity, racfGUI significantly simplifies the RACF User / Group Admin workload. Providing these functions through a browser interface leads to a smoother, more intuitive user experience, no longer reliant on mainframe expertize, or logons to TSO or CICS to perform basic RACF administration. racfGUI provides an online Audit Log, allowing auditors to view and track changes without the delay and reliance on mainframe skills to post-process SMF records.

    Replacing the unsightly 'green screen' RACF interface with a friendlier GUI, means that the RSM GUI user can focus on the task of completing routine User / Group security activities, such as:


  • Managing Users

    Add new users

    Display and update a user profile

    Revoke or resume a user

    Change a user's name or password

    Add or remove users from groups

    Update user custom fields

    Remove a user

  • Managing Groups

    Display a group profile

    List all users of a group

    Connect or remove users

    Remove multiple users

    Update group custom fields

  • RACF Command Facility

    Issue any RACF command

  • RSM Partners Solution

    Replace legacy 'green screen' with an intuitive, function-specific GUI web-based browser interface

    All data is exchanged with the mainframe over an HTTPS (Secure) link

    Secure web server built into the software, supporting encrypted SSL communications using HTTPS protocols

    Secure connections between Sysplex systems, allowing commands to be replicated across multiple RACF databases - removing the need for multiple logons.

    No longer a need to logon to TSO or CICS to perform basic RACF administration

    Removes the CPU / Management overhead of the additional address spaces - especially TSO

    Online real-time Audit Log, viewable directly from the browser or can be downloaded

    No workstation based software installation or browser plugins required

    Browser-based solution, therefore much easier to distribute RACF User / Group Admin function capability

    All RACF changes written to an audit log which can be viewed in real-time from the browser, or optionally downloadable for viewing offline

    Built-in security profiles restricts features to specific administrators

    All code SMP/e installable, on z/OS

    Minimal configuration aids quick evaluation and deployment

    Supports all LPARs within a Sysplex from a single browser connection/sign-in

    Raw command capability provided form which authorized users can issue any RACF command


    Yes. Passwords sent from the browser will be encrypted using industry standard SSL/TLS encryption. Where audit logging or tracing is activated, passwords are hidden in the log/trace records.

    Yes. All communication with racfGUI from the user and between racfGUI instances is encrypted using industry standard SSL/TLS encryption.

    There is no support for ACF2 or TSS today.

    All communication with racfGUI from the user and between racfGUI instances is encrypted using industry standard SSL/TLS encryption.

    Yes. Users who have logged into racfGUI but have not used it within the timeout period will be automatically logged off.

    Yes. racfGUI supports single signon from where multiple systems and RACF databases can be administered and commands replicated.

    Yes. This is controlled by RACF as all racfGUI operations are executed under the privilege of the logged in user.

    Yes. racfGUI has its own RACF resources to control which product features can be used by each user.

    zVisual can perform all of the basic changes than can be performed by GUI.

    However, with GUI there is no PC client software to install and, as its browser based, can be used from a tablet or smartphone.

    RACF commands are logged and verified against the userid of the logged-in user.

    Yes. racfGUI uses secure connections across the network to access and replicate commands across multiple databases.




    Not today.

    Development of this capability is in progress.

    Not today.

    In a VSAM linear dataset.

    Online viewing of the audit log is protected by specific racfGUI RACF resources. The audit log dataset itself is protected by RACF dataset resources.

    Not today.

    racfGUI does not write its own SMF records and RACF will log racfGUI activity to SMF.

    No. We generate standard RACF commands and they will be subject to whatever controls are defined by the client.

    The CPU overhead is dependent on usage, but the consumption of racfGUI should be no greater and most likely less than the CPU used by TSO for the same activities.

    Yes, the latest version of racfGUI supports this capability.

    Yes. A graphic file with recommended pixel dimensions can be defined in the configuration to replace the racfGUI logo on the welcome screen.

    To request a download of this software or to raise a question, please complete the following details:

  • Download the racfGUI overview datasheet


  • Watch the racfGUI software video


  • Download the racfGUI demo software