Short answer: Yes.
that is -- you should do both, and even more than that.
1) Backup your RACF Database at least once a day.
2) From the backup, you can create an unload.
3) From the unload, you should be able to load an image of your RACF DB into DB2 -- that allows you to write SPUFI and other SQL queries against things in your database, reports and the like.
Also, if you're using zSecure -- it can work against the RACF DB, but it can also work against copies of the RACF DB, and has its own Unload as well -- each of these have various usages. (and also a Freeze dataset against the rest of your system,). zSecure can write reports and such in CARLa (did I capitalize that correctly?). Some reports work better in DB2, others in CARLa. zSecure also lets you set up "offline" copies of RACF -- where you can simulate executing commands Before you actually run them against the real DB. (This becomes very helpful if you start collecting Access Manager data.)
The key thing is to make sure that you protect any physical full copies of the RACF DB so that no one can easily get to it (except for the operating system and zSecure) -- there has to be justification before a (security) person can directly access any copy of the RACF DB.
(and if you have multiple system images with different RACF DBs, you can get into sending backup copies to other systems, and storing multiple racf db's into DB2, and cross connecting zSecure to talk among the various systems, and RRSF between the systems, and all sorts of other stuff... Good luck.
------------------------------
Scott Tietjen CISSP
------------------------------
Original Message:
Sent: Fri May 22, 2020 12:02 PM
From: Linnea Sullivan
Subject: UNLOADs
As we are migrating to RACF, our staff is converting our batch processes over so they will run under RACF or zSecure. So they are replacing the job that creates a TSS CFILE, with one that creates a RACF Unload. They are going to create a UNLOAD dataset but they are wondering the benefits of a RACF UNLOAD or a zSecure UNLOAD. Any pointers I can give that team on using one or the other, or both?
Thanks
------------------------------
Linnea Sullivan
------------------------------