IBM GC28-1920-01 Customization Considerations, Exit Processing, and IRRSXT00, Support on, Exits

Page 59
Chapter 6. Customization Considerations

Chapter 6. Customization Considerations

This chapter identifies customization considerations for RACF.

For additional information,OS/390see Security Server (RACF) System

Programmer's Guide.

Customer Additions to the CDT

Installations must verify that classes

they have added to the class

(CDT) do not conflict with new classes

shipped with RACF. If duplicate

entries are detected, the following

error messages are issued at

ŸFor a duplicate router table entry, RACF issues this message and processing:ICH527I RACF DETECTED AN ERROR IN THE INSTALLATION ROUTER￿

TABLE, ENTRY class_name, ERROR CODE 1.

ŸFor a duplicate CDT entry, RACF issues this message and enters fa

ICH511I RACF DETECTED AN ERROR IN THE INSTALLATION CLASS ￿DESCRIPTOR TABLE, ENTRY class_name, ERROR CODE 7.

If a conflict in class names occurs, you must delete the profiles installation-defined class with the conflicting name, delete the CDT ent class, add a CDT entry with a different name, and redefine the pr

Do not assemble the user-defined CDT (ICHRRCDE) on OS/390 Release 2 a attempt to use it on a system running RACF at a lower level than RACF

Exit Processing

Installation-written exits might be affected by new function introduce Release 2 Security Server (RACF).

Effects of OS/390 OpenEdition DCE

Support on

ICHRCX01, ICHRCX02,

and IRRSXT00

 

 

OS/390 OpenEdition

DCE support

can affect:

Ÿ The RACROUTE REQUEST=AUTH preprocessing and processing exits

ŸThe IRRSXT00 installation exit

RACROUTE REQUEST=AUTH Preprocessing

and

Postprocessing

Exits

 

RACF

support

for OS/390 OpenEdition DCE introduces new indicators in the

ACEE.

These

indicators mark

the ACEE clientas a ACEE. Client ACEEs are

created by OS/390 OpenEdition and RACF on behalf of multithreaded unau application servers on OS/390. There are two types of client ACEE:

ŸUnauthenticated client ACEE

When

an unauthenticated client ACEE is used in an access control de

two

authorization checks occur.

 Copyright IBM Corp. 1994, 1996

35

Page 58 Page 60
Image 59
Page 58 Page 60
Contents Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page OS/390 1996. All Second Edition, SeptemberPage Page Migration ContentsAuditing Considerations Administration ConsiderationsCustomization Considerations 10. Application Operational ConsiderationsIndex ChapterPage Figures Page Notices Trademarks xiii How to Use ThisAbout This Book Who Should Use This BookServer Where to Find More InformationSoftcopy Publications Ÿ The OS/390 Security Server RACF Information , PackageSK2T-2180Ÿ Tutorial Options for Tuning GG22RACF Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Using thelistserv@uga.cc.uga.edu Other Sources of InformationIBM Discussion Areas Internet SourcesTo Request Copies of PublicationsFeatures OS/390xviii V2R5TSO/E ServiceŸ OpenEditionProduct OSA/SFPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations General User Considerations Auditing ConsiderationsOperational Considerations Application Development ConsiderationsPage New and Enhanced Support Chapter 2. Release Overviewintroduced in OS/390 Release OS/390 OpenEdition DCEidentifies functionCheck ConceptsSOMobjects for MVS Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights OS/390 OpenEditionsystems Multisystem NodesRRSF Network non-mainTARGET OS/390 Enable and Disable FunctionsYear Facility NetView1.10 classesthat Function Not Upgradedupdated for identifies functionClass Descriptor Table CDT Components forRelease 3. Summary ofthere Commandslists classes whichChapter 3. Summary of Changes to RACF Components for OS/390 15Release Commandgeneral-use programming interface GUPI data are Data AreasExits lists changedRACF macros MacrosMessages Figure 12 lists changesRACF Database Split/Merge Utility IRRUT400 New MessagesChanged Messages MessagesFigure 13 lists RACF panels that are PanelsPublications Library RoutinesRACROUTE REQUEST=EXTRACT SYS1.SAMPLIBTemplates Figure 16 identifies changes to RACF members of SYS1.SAMPLIBTemplate UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release 0280 UtilityMigration Strategy OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Chapter 4. Planning ConsiderationsRACF Migration and Planning for RACF RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements Software RequirementsRequirements CompatibilityCompatibility Considerations for Remote Sharing Page Networks Chapter 5. Installation ConsiderationsEnabling RACF Considerationsinstall multisystem R installationconfigured are in your existing workspace data sets when youmust Chapter 5. Installation Considerations29local-lu prefixnodename sysnameprefix.local-node.local-node .INMSG Figure 21 estimates RACF virtual storage usage, for planning purposes RACF Storage Considerations Virtual Storage This section discusses storage considerations for RACFSubpool Customer Additions to the CDTSystem Templates for RACF onOS/390 Release information, OS/390see Security ServerEffects of OS/390 OpenEdition DCE Chapter 6. Customization ConsiderationsExit Processing and IRRSXT00RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 IRRSXT00 Installation Exitsignon Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide Cross-Linking Between RACF UsersActivating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions Enhancements to the Rdceruid Callable ServiceUtility SYSMVIEW Chapter 7. Administration Considerations43Page Server RACF Macros Chapter 8. Auditing ConsiderationsSMF Records Auditors Guide and OS/390Interfaces ServicesAuditing New OS/390 SMF Data Unload Utility Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support Report WriterPage Enabling and Disabling CommandOS/390 Security Server RACF Command Language Referencefor more Chapter 9. Operational ConsiderationsPage 01yydddF Chapter 10. Application Development Considerations2000 Support Serverspthread the securitynp New Application Services and SecurityProgramming Interfaces ServiceNew Application Authorization Changes to the Class Descriptor TableŸ “Routines” on page Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on pageReference for Chapter 11. General UserConsiderations OpenEditionPage After Applying the PTF Chapter 12. NJE ConsiderationsAPAR OW14451 OW08457NODES Actions RequiredOW08457 UACCFAILSAFE APAR OW15408GROUP Page RRSF Chapter 13. ScenariosMigrating an Existing NodesprefixTARGET NODEMIAMI2 DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEORLANDO DELETEDELETE RACF DiagnosisOn ORLANDO Note The prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACEdirection Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seemultisystem Seelogicallogical supervisory other.single-systemtask segment andDFP classes continued Index Acontinued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page comments Communicating Your Comments to IBMNote Copies Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Publication No. GC28-1920-01IBM MAILREPLY BUSINESSPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here
Top Page Image Contents