IBM spotting a market opportunity produced a piece of software called RACF (Resource Access Control Facility) which tried to centralise the security processing. This is illustrated in the diagram below.

The key ideas are that there is a separate database of users, their roles and the resources they can access and/or modify. This database is stored and maintained outside any of the individual programmes. This was quite successful. It certainly reduced the admin load of maintaining lots of userid’s for lots of different systems. However, it did not replace the security processing inside each programme, rather it was added as an additional layer of security onto each system. Thus, RACF allowed you access to the whole programme or gave you no access at all. This was a “coarse grained” level of security. The “fine grained” security was still handled by the programme security.

Two examples may help here:

• Suppose, RACF userid’s gives the user access to the Bank’s Customer Accounts system. It may well do so in a few simple ways, e.g. enquiry access (no ability to update any records) and inputter access (ability to update all records).
• Within the Customer Accounts System there are probably lots of extra bits of security programming; e.g. “if a Branch Transfer is more than £10,000 then a second person must authorise the transaction”.

Back to Top