IBM OS/390 manual Classification, Verifyx, File System, Root, Structure

Page 64

set that is RACF-protected by

a

discrete

 

profile

 

must

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

also

be

 

RACF-indicated.

 

 

 

 

 

 

 

 

 

 

 

 

S

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACROUTE

macro

 

 

 

.

An

 

assembler

macro

that

 

 

SAF

. System authorization facility.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

provides

 

a

means

of

 

calling

RACF

to

 

provide

 

security

 

 

Seedata

security.

 

 

 

 

 

 

 

 

 

 

 

 

 

functions. See AUDITalso request,AUTH

request,

 

 

 

security .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DEFINE

request,DIRAUTH

 

request,

EXTRACT

request,security

 

classification .

 

The

 

use

of

 

security

 

 

 

 

 

FASTAUTH request, LIST

 

request,SIGNON

request,

 

 

 

categories,

a

security

 

level,

or both,

to

impose

STAT

request,

TOKENBLD

 

request,TOKENMAP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

additional access controls on sensitive resources. An

request,TOKENXTR

request, VERIFY

request,and

 

 

 

 

 

 

alternative

way

to

provide

 

security

classifications i

VERIFYX

request.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

use

 

security

labels.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remote

 

logical

unit

(remote

LU)

.

 

Seepartner

logical

SFS . Shared file system

 

 

 

 

 

 

 

 

 

 

 

 

 

unit

 

(partner. LU)These

 

two

terms

are

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

interchangeable.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remote

 

node

 

.

An

RRSF

 

node

that

is

 

logically

 

shared

 

file

 

system

(SFS)

.

 

A

 

part

of

CMS

that lets

 

 

 

 

 

 

 

 

users organize their files into groups known as

 

 

connected

to

a

node

from

 

whose

point of

 

 

 

 

 

 

view

 

you

 

are

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

talking.

For

example,

 

if

MVSX

and

MVSY

are

 

 

directories and selectively share those files and

 

 

two

RRSF

 

 

 

 

with

 

other

users.

 

 

 

 

 

 

 

 

 

 

nodes

that

are

logically

connected,

from

 

 

directories

 

 

 

 

 

 

 

 

 

 

 

MVSX's

 

point

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

of

view

 

MVSY

is

a

 

remote

 

node,

and

from

 

MVSY's

 

point

 

 

OpenEdition

MVS,

a

program

that

 

 

 

 

of

view

 

MVSX

is

a

 

remote

 

nodelocal. Seenode,also

 

 

shell

.

 

(1) In

 

 

 

 

 

 

 

 

 

interprets

and

processes

interactive

commands

 

from

a

target

node.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

pseudoterminal or from lines in a

shell script. (2) A

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Resource

Access

Control

Facility

(RACF)

 

 

.

 

An

 

 

 

 

program

 

that

interprets

sequences

of

text

input

 

as

 

 

 

 

 

 

 

commands.

 

It

may

 

operate

on

an

 

input

stream,

or

it

IBM-licensed

product

 

that

provides

 

for

 

 

 

 

 

 

 

 

access

 

control

by

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

identifying

and

verifying

users

to

 

the

 

 

 

may

 

interactively prompt and read commands from a

 

 

system,

 

authorizing

 

 

withcommand

language

 

 

 

 

 

 

 

 

access

to

protected

resources,

logging

 

 

 

terminal.

 

Synonymous

 

 

 

 

 

 

 

 

detected

 

 

 

 

 

software

 

interface

between

 

a

user

unauthorized

attempts

to

enter

the

system,

interpreter. (3) A

 

 

and

 

logging

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

and the operating system of a computer. Shell

 

 

detected

 

accesses

 

to

protected

 

resources.programs

 

interpret commands and user interactions on

resource

profile

 

 

.

A profile

that

provides

RACF

devices such as keyboards, pointing devices and

 

 

 

touch-sensitive screens and communicate them to the

protection

for

one

or

more

 

resources.

 

 

 

 

User,

group,

and

 

 

 

 

 

 

 

 

command

 

interpreter

that

 

connect

profiles

are

not

resource

 

profiles.

operating

system. (4) The

 

 

 

The

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

information

 

in

a

resource

profile

can

 

 

 

 

provides a user interface to the operating system

 

include the

 

data

(5) The

 

program

 

that

 

reads

a

user's

 

set

 

profile

name,

profile

 

owner,

universal

 

 

its

 

commands.

 

 

 

 

 

 

access

 

 

 

 

and

executes

them.

(6) The

shell

command

 

 

authority,

access

list,

and

other

 

data.

 

 

commands

 

 

 

 

Resource

 

profiles

 

 

 

 

a

specific

instance

of

a

 

shell

can

be

discrete

profiles

or

 

 

 

 

 

 

 

 

language

 

interpreter,

 

 

generdiscreteprofiles. See

 

 

 

above

 

the

kernel,

that

provides

 

a

flexi

profileand generic

profile.

 

 

 

 

 

 

 

 

 

 

 

(7) A

 

layer,

 

 

 

 

 

 

 

 

 

 

 

 

 

interface

between

users

and

the

rest

of

 

the

syste

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

root

.

(1) The

starting

point

of

the

file

 

 

(8) Software

that

 

allows

a

kernel

 

program

to

run

under

 

system.

(2) The

 

 

 

 

system

 

environments.

 

 

 

 

 

 

first directory in the systemappropriate. (3) See

 

 

 

different

operating

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

privileges.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SIGNON

 

request

 

.

 

The

 

issuing

 

of

the

RACROUTE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

.

SeeRACF

remote

 

sharing

facility.

 

 

 

 

macro

 

with

REQUEST=SIGNON

specified.

A

SIGNON

 

 

 

 

 

 

 

 

 

 

request

 

is

used to provide management of the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

logical

node

connection

 

 

 

.

 

Two

RRSF

 

nodes

 

 

signed-on

 

lists associated with persistent verification

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(PV),

a

 

feature

 

of

 

the

APPC

architecture

of

LU

6.2

are logically connected when they are properly

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

configured

to

communicate

via

APPC/MVS,

and

each

 

 

 

 

 

 

 

RRSF

node

 

 

.

 

An

RRSF

node

consisting

 

 

 

has

been

 

configured

via

the

TARGET

command

 

 

single-system

 

 

 

 

 

 

 

 

 

to

have

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

an

OPERATIVE

connection

to

the

other.

 

 

 

 

of

one MVS system image.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

network

 

 

.

 

Two

or

more

RRSF

nodes

that

 

SMF

 

records

 

 

.

SeeRACF

 

SMF

 

data

 

unload

utility.

 

 

 

 

 

 

 

 

 

have

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

established

RRSF

logical

node

connections

to

 

each

 

 

 

 

 

.

 

The

issuing

of

the

RACROUTE

macro

 

 

other.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

STAT

 

request

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

with REQUEST=STAT specified. A STAT request

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

node

.

 

One

or

more MVS

system

 

images

 

 

determines

if

RACF

 

is

active

and,

optionally,

 

whether

 

 

 

with

 

 

 

resource

class

 

is

 

defined

to

RACF

and

 

active.

MVS/ESA

4.3

or

later

installed,

RACF

2.2

 

 

 

given

 

 

 

installed,

 

and

request

replaces

the

RACSTAT

function.

 

 

 

 

the

 

RACF

 

subsystem

address

space

 

active.

 

 

The

 

STAT

 

 

 

 

 

 

 

 

 

See

 

also

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

 

logical

node

connection.

 

 

 

 

 

 

 

 

 

 

structure .

 

Seecache

 

structure.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

44

OS/390

V2R4.0

Security

Server

(RACF)

Planning:

 

Installation

 

and

Migration

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Page 63 Page 65
Image 64
Page 63 Page 65
Contents IBM Page IBM Fourth Edition, September IBMContents Racf ConsiderationsGet IndexPspi RacfPage USA IBMUSA Page Trademarks Page How to Use This About This BookWho Should Use This Book BookWhere to Find More Information OS/390 Security Server Racf Information , PackageSK2T-2180Server Racf Information , Package see OS/390 CollectionIBM Systems Center Publications Other Sources of Information SecurityRacf home RACF-L discussion list Sample codeFtp PublicationsFTP Servers Page PresentedRACF Planning inInstallation OS/390 VersionPage Migration Planning Considerations MigrationInstallation Considerations Administration ConsiderationsCustomization Considerations PSPAuditing Considerations Application Development ConsiderationsGeneral User Considerations Data Areas OS/390 Security ServerPage Release Overview New and Enhanced SupportEnhancements to Support for OpenEdition Services UIDRun-Time Library Services Password History EnhancementsGID Gggg needsProgram ALLNew Fmid OW24966 Enhancements toEnable/Disable Changes AccessGuide OW26237 EnhancementsCallable Services New Callable ServicesRelease SYS1.SAMPLIBGID Class Descriptor Table CDTUID Commands Command Language ReferencePermit NoclauthParmlib Data Areas ICHRFX03 ExitsICHRFX04 Macros MessagesNew Messages Changed MessagesDeleted Messages PanelsICHP241C ICHP242AICHH241C MemberPublications Library Changes to the Racf Publications LibraryOS/390 Security Server Data Areas This No longer Licensed Publication Its New FormPlanning Considerations Migration StrategyHardware Requirements Racf Migration and Planning for Racf 1.9.2GC23-3045Compatibility OpenEdition MVSProgram Control by System ID RELEASE=2.4 Keyword onPage Installation Considerations Racf Storage ConsiderationsVirtual Storage Racf Estimated Storage UsageHow System Programmers Guide ICBPage Customization Considerations Customer Additions to the Router Table and the CDTRACF/DB2 External Security Module Customization RACF/DB2Administration Guide Volume , SC26 For OS/390 Version InstallationExit Processing OS/390 Security Server Racf System Programmers. GuideAdministration Considerations Tmeadmin ClassPassword History Changes Server Racf Security Administrators. GuideEnhancements of Global Access Checking Racroute REQUEST=LISTAuditing Considerations SMF RecordsAuditors Guide SysidPage Application Development Considerations Programming InterfacesFastauth Changes Racroute IcheintyPage General User Considerations Security Server Racf General Users. GuidePage Update GlossaryMVS AuditDirection FacilityData DirectoryEntity GIDFile HFSPassword RequestNode UnitPosit ProcessPads UtilityClassification VerifyxFile System RootTarget Node SyscallTask Verification NameProfile SetsHow to Get Your Racf CD Cics TSO/EPage Index SeeLsqa See alsoexits IRR@XACS 19 Ispf panelsPlpa SMF80DTA See alsoRRSF router tableRaclist SmfidPage Readers Comments Wed Like to Hear from You IBM Readers Comments Wed Like to Hear from YouPage IBM
Related manuals
Manual 673 pages 53.75 Kb

OS/390 specifications

IBM OS/390, a versatile operating system, was a cornerstone in enterprise environments and played a pivotal role in mainframe computing. Released in the mid-1990s, OS/390 combined the strengths of IBM's MVS (Multiple Virtual Storage) with new features and enhancements, targeting scalability, reliability, and performance in demanding business applications.

One of the key features of OS/390 was its robust support for multiple users and processes. The system allowed thousands of concurrent users to access applications and data, ensuring high availability and minimizing downtime—a critical requirement for many large organizations. This scalability was supported through various enhancements in memory management and processor scheduling, enabling optimal resource allocation across diverse workloads.

OS/390 was known for its superior workload management capabilities. The Workload Manager (WLM) component allowed administrators to define service policies, specifying how system resources would be allocated according to the priority of tasks. This ensured that critical business processes received the necessary resources while less critical tasks were managed more flexibly.

Another significant characteristic of OS/390 was its commitment to security. The operating system provided comprehensive security features, including user authentication, data encryption, and auditing capabilities. This focus on security was vital for organizations handling sensitive data, ensuring compliance with regulations and safeguarding against unauthorized access.

OS/390 also supported advanced technologies that facilitated integration and development. The system included features like the IBM CICS (Customer Information Control System) for transaction processing and IMS (Information Management System) for database management. These technologies allowed organizations to build robust, high-performance applications tailored to specific business needs.

The ease of network integration was another strength of OS/390. With the advent of the Internet and global connectivity, OS/390 systems could easily interface with various network protocols, enabling businesses to operate in a connected world. This inclusion paved the way for many organizations to expand their capabilities and offer new services, driving digital transformation.

In conclusion, IBM OS/390 represented a significant advancement in mainframe technology, combining scalability, security, and robust workload management. Its rich feature set and support for critical enterprise applications solidified its role as a vital component of many organizations' IT infrastructures, ensuring they could meet their operational challenges head-on while supporting future growth. As technology continues to evolve, the legacy of OS/390 remains influential in the realm of computing.
Top Page Image Contents