It's best to avoid RACF exits, but if you must have them, mitigate their risk.
Written by Dinesh Dattani
Editor's note: This article is an excerpt from Chapter 16 of IBM Mainframe Security.
A RACF exit is an optional facility provided in RACF to perform special RACF processing, above and beyond what is offered in standard RACF. RACF exits can overrule decisions made by standard RACF processing. They provide a means for an installation to tailor RACF processing to suit its own unique needs.