RACF establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or another object) created at a later time.
RACF has continuously evolved to support such modern security features as digital certificates/public key infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux.
Example of usage – “RACF protects resources by granting access only to authorized users of the protected resources. RACF retains information about users, resources, and access authorities in special structures called profiles in its database, and it refers to these profiles when deciding which users should be permitted access to protected system resources.”