Starting with IMS 14, you can ask that RACF record statistics when IMS Connect authenticates ODBM client connections to IMS DB. With these RACF statistics, you can define policies to improve security for your RACF-protected data in IMS DB. For example, with information on the last date and time that a user is authenticated to access IMS DB data, you can define a security policy to automatically revoke inactive users. Or, you might want to use the RACF statistics to define an interval for password changes. You can specify the RACF statistics that you want to record by using the options on the RACF command SETROPTS.
There are a couple of methods to enable RACF to record statistics when IMS Connect authenticates ODBM client connections to IMS DB, shown below. After you enable RACF statistics to be recorded, RACF updates the statistics no more than once per day to a system management facility (SMF) data set or log stream.
ODRACFST=Y – In the ODACCESS statement of the HWSCFGxx member of the IMS PROCIB data set, specify ODRACFST=Y to enable RACF statistics to be recorded. When you specify ODRACFST=Y, a message is also issued if the user logon is successful.
UPDATE IMSCON TYPE(CONFIG) – The ODRACFST(ON) keyword on the UPDATE IMSCON TYPE(CONFIG) command allows you to update the ODRACFST= RACF statistics option while IMS Connect remains online:
UPD IMSCON TYPE(CONFIG) SET(ODRACFST(ON))
You can find more detailed information about how RACF records statistics when IMS Connect authenticates ODBM client connections to IMS DB in the IBM Knowledge Center.