IBM GC28-1920-01 manual OS/390 OpenEdition, SOMobjects for MVS, SystemView for MVS

Page 32

OS/390 OpenEdition

OS/390 Release 2 OpenEdition adds new capabilities for which RACF provid support.

Authorizing and Auditing Server Access to the CCS and WLM

Services

OS/390 Release 2 OpenEdition adds the capability to check whether ser authorized to use the console communications service (CCS) and the worklo manager (WLM) service. RACF provides support for this capability by det whether the server identity has authority to the service, and by a access to these services.

RACF provides two new audit function codes for these services. The aud based on the existing PROCESS class.

Auditing the Passing of Access Rights

OS/390 Release 2 OpenEdition implements the passing of access rights fro process to another. A sending process opens a file and passes the ope descriptor to a receiving process via a UNIX domain socket connection. writes SMF type 80 records when:

Ÿ The access rights are passed by the sending process.

Ÿ The access rights are received by the receiving process.

ŸThe access rights are discarded by the receiving process without received.

RACF provides a new event code and 3 new audit function codes for th records. Auditing is based on the existing PROCACT class.

SOMobjects for MVS

RACF provides support for Version 1 Release 2 of SOMobjects for MVS. A

application running

in

an

OS/2,

AS/400,

or MVS

environment

requesting

distribu

SOM

(DSOM)

services

can

have

those services run in an

MVS

server. To

sup

the

use

of remote

objects

with

SOMobjects

for MVS,

RACF

does

the

follo

ŸAuthenticates the user as a valid and correct user through the pr password

Ÿ	Verifies	the	user's access to	use the requested server
Ÿ	Verifies	the	server's access	to use the method within the specif

ŸVerifies that only approved servers can register with the SOMojbect server daemon, preventing unauthorized users from starting trojan hors servers

SystemView for MVS

SystemView for MVS consists of programs that run on the user's workstati programs that run on MVS. SystemView for MVS displaysLaunch windowa that

contains a customized task treetask . treeThisrepresents systems management

programs, or applications, to which the workstation user can get access information needed by the SystemView for MVS client code running in the workstation is created and stored on the MVS-based SystemView server s

8 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

Image 32

Contents Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page Security Server RACF Planning Installation and Migration Second Edition, September 1996. AllPage Page Contents MigrationAuditing Considerations Administration ConsiderationsCustomization Considerations Operational Considerations IndexChapter 10. ApplicationPage Figures Page Notices Trademarks How to Use This About This BookWho Should Use This Book xiiiWhere to Find More Information Softcopy PublicationsŸ The OS/390 Security Server RACF Information , PackageSK2T-2180 ServerAdministration, H3927 Elements of Security RACF Installation - Student GG24-3971NotesUsing the Ÿ Tutorial Options for Tuning GG22RACFOther Sources of Information IBM Discussion AreasInternet Sources listserv@uga.cc.uga.eduPublications To Request Copies ofFeatures OS/390xviii ServiceŸ OpenEdition ProductOSA/SF V2R5TSO/EPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations Auditing Considerations Operational ConsiderationsApplication Development Considerations General User ConsiderationsPage Chapter 2. Release Overview New and Enhanced SupportOS/390 OpenEdition DCE identifiesfunction introduced in OS/390 ReleaseConcepts CheckAuthorizing and Auditing Server Access to the CCS and WLM Services Auditing the Passing of Access RightsOS/390 OpenEdition SOMobjects for MVSMultisystem Nodes RRSF Networknon-main systemsTARGET OS/390 Enable and Disable FunctionsYear NetView 1.10classes FacilityFunction Not Upgraded updated foridentifies function thatComponents for Release3. Summary of Class Descriptor Table CDTCommands lists classeswhich thereCommand Chapter 3. Summary of Changes to RACF Components for OS/390 15ReleaseData Areas Exitslists changed general-use programming interface GUPI data areMacros MessagesFigure 12 lists changes RACF macrosNew Messages Changed MessagesMessages RACF Database Split/Merge Utility IRRUT400Panels Publications LibraryRoutines Figure 13 lists RACF panels that areSYS1.SAMPLIB TemplatesFigure 16 identifies changes to RACF members of SYS1.SAMPLIB RACROUTE REQUEST=EXTRACTTemplate UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release Utility 0280OS/390 Security Server RACF Planning Installation and forMigration RACF Planning Installation and Migrationfor RACFChapter 4. Planning Considerations Migration StrategyRACF Planning Installation and Migrationfor RACF 2.1, and Hardware RequirementsSoftware Requirements RACF Migration and Planning for RACFRequirements CompatibilityCompatibility Considerations for Remote Sharing Page Chapter 5. Installation Considerations Enabling RACFConsiderations Networksinstallation configuredare in your existing workspace data sets when you install multisystem RChapter 5. Installation Considerations29 mustprefix nodenamesysname local-luprefix.local-node.local-node .INMSG RACF Storage Considerations Virtual StorageThis section discusses storage considerations for RACF Figure 21 estimates RACF virtual storage usage, for planning purposesCustomer Additions to the CDT SubpoolTemplates for RACF on OS/390 Releaseinformation, OS/390see Security Server SystemChapter 6. Customization Considerations Exit Processingand IRRSXT00 Effects of OS/390 OpenEdition DCEIRRSXT00 Installation Exit RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01Chapter 7. Administration Considerations Server RACF Security Administrators. GuideCross-Linking Between RACF Users signonActivating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions Enhancements to the Rdceruid Callable ServiceUtility Chapter 7. Administration Considerations43 SYSMVIEWPage Chapter 8. Auditing Considerations SMF RecordsAuditors Guide and OS/390 Server RACF MacrosInterfaces ServicesAuditing New OS/390 Auditing OS/390 OpenEdition DCE Support Auditing SystemView for MVS SupportReport Writer SMF Data Unload UtilityPage Command OS/390 Security Server RACF Command Language Referencefor moreChapter 9. Operational Considerations Enabling and DisablingPage Chapter 10. Application Development Considerations 2000 SupportServers 01yydddFNew Application Services and Security pthread the securitynpService New Application AuthorizationChanges to the Class Descriptor Table Programming InterfacesŸ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Ÿ “Routines” on pageChapter 11. General User ConsiderationsOpenEdition Reference forPage Chapter 12. NJE Considerations APAR OW14451OW08457 After Applying the PTFActions Required OW08457UACC NODESFAILSAFE APAR OW15408GROUP Page Chapter 13. Scenarios Migrating an ExistingNodes RRSFprefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVE On MIAMI2prefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 DELETEDELETE RACF DiagnosisOn ORLANDO prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Note Thedirection Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seelogical Seemultisystemlogical other.single-system supervisorytask segment andDFP Index A classes continuedcontinued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page Communicating Your Comments to IBM commentsReaders Comments - Wed Like to Hear from You OS/390 Security Server RACF Planning Installation and MigrationPublication No. GC28-1920-01 Note CopiesMAIL REPLYBUSINESS IBMPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here