IBM GC28-1920-01 manual Auditing New OS/390, Services, Interfaces

Page 70
Interfaces.

Figure 23 (Page 2 of 2). Changes to SMF Records

Record Type

80

80

80

Record

Description

of Change

Support

Field

 

 

 

Relocate

For event code 2, this SMF recordOS/390

65

contains

flags indicating

the ACEE type:OpenEdition

 

 

 

DCE

ŸUnauthenticated client

ŸAuthenticated client

ŸServer

Relocate

For

event

codes

28,

29,

30,

31,

OS/39032, 33,

315

34,

41,

44,

47,

48,

54,

55, 56,

OpenEdition57,63, and

 

64,

this

SMF

record

 

contains

a linkDCEvalue

 

to connect client and server audit records.

Relocate

For

event

codes

28,

29,

30,

31, OS/39032, 33,

316

34,

41,

44,

47,

48,

54,

55, 56,

OpenEdition57,63, and

 

64,

this

SMF

record

 

contains

flags DCE

 

indicating

the

ACEE

 

type:

 

 

 

ŸUnauthenticated client

ŸAuthenticated client

ŸServer

For

more information on SMF records,OS/390seeSecurity Server (RACF) Macros

and

Interfaces.

Auditing New OS/390

OpenEdition

MVS

Services

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACF

provides

two new audit function codes

(99 and 100) to audit two ne

OS/390

OpenEdition

MVS

services: a

new

console

communications

service (CCS)

and a new workload manager (WLM) service. Creation of the audit records

controlled

by

the

existing

PROCESS

class. Customers

that

are

not

already

auditing

the

PROCESS

class

must SETROPTSissue

AUDIT(PROCACT)

to

obtain

the

 

new

SMF

records,

whereoption is

ALWAYS,

NEVER, SUCCESSES,

FAILURES,

 

 

 

 

or DEFAULT. Customers that are already auditing the PROCESS class

 

 

automatically receive the new SMF records. These customers might see an

increase in the number of SMF records that RACF writes during OpenEditio

processing.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACF also provides three new audit function

codes

(95,

96,

and

97)

to a

passing

of access

rights

from

one process

to

another. Creation

of

the

is

controlled

by the existing PROCACT class. Customers

that are

not

alrea

auditing

the

PROCACT

class

must SETROPTSissue

LOGOPTIONS(option(PROCACT))

 

 

 

to

obtain

the

new

SMF records,optionwhereis

ALWAYS,

NEVER,

SUCCESSES,

 

 

 

 

FAILURES,

or

DEFAULT.

Customers

that

are

already

auditing

the PROCACT

 

class automatically receive the new SMF records. These customers might s increase in the number of SMF records that RACF writes during OpenEditio processing.

46 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

Page 69 Page 71
Image 70
Page 69 Page 71
Contents OS/390 Security Server RACF Planning Installation and MigrationPlace graphic in this area. Outline is keyline only. DO NOT PRINT Page Security Server RACF Planning Installation and Migration Second Edition, September 1996. AllPage Page Contents MigrationCustomization Considerations Administration ConsiderationsAuditing Considerations Chapter Operational ConsiderationsIndex 10. ApplicationPage Figures Page Notices Trademarks Who Should Use This Book How to Use ThisAbout This Book xiiiŸ The OS/390 Security Server RACF Information , PackageSK2T-2180 Where to Find More InformationSoftcopy Publications ServerUsing the Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Ÿ Tutorial Options for Tuning GG22RACFInternet Sources Other Sources of InformationIBM Discussion Areas listserv@uga.cc.uga.eduPublications To Request Copies ofxviii OS/390Features OSA/SF ServiceŸ OpenEditionProduct V2R5TSO/EPage Summary of Changes Page Chapter 1. Planning Migration Planning ConsiderationsMigration Administration Considerations Installation ConsiderationsCustomization Considerations Application Development Considerations Auditing ConsiderationsOperational Considerations General User ConsiderationsPage Chapter 2. Release Overview New and Enhanced Supportfunction OS/390 OpenEdition DCEidentifies introduced in OS/390 ReleaseConcepts CheckOS/390 OpenEdition Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights SOMobjects for MVSnon-main Multisystem NodesRRSF Network systemsYear OS/390 Enable and Disable FunctionsTARGET classes NetView1.10 Facilityidentifies function Function Not Upgradedupdated for that3. Summary of Components forRelease Class Descriptor Table CDTwhich Commandslists classes thereCommand Chapter 3. Summary of Changes to RACF Components for OS/390 15Releaselists changed Data AreasExits general-use programming interface GUPI data areFigure 12 lists changes MacrosMessages RACF macrosMessages New MessagesChanged Messages RACF Database Split/Merge Utility IRRUT400Routines PanelsPublications Library Figure 13 lists RACF panels that areFigure 16 identifies changes to RACF members of SYS1.SAMPLIB SYS1.SAMPLIBTemplates RACROUTE REQUEST=EXTRACTFigure 18 lists changes to RACF utilities for OS/390 Release UtilitiesTemplate Utility 0280Chapter 4. Planning Considerations OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Migration StrategySoftware Requirements RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements RACF Migration and Planning for RACFCompatibility Considerations for Remote Sharing CompatibilityRequirements Page Considerations Chapter 5. Installation ConsiderationsEnabling RACF Networksare in your existing workspace data sets when you installationconfigured install multisystem RChapter 5. Installation Considerations29 mustsysname prefixnodename local-luprefix.local-node.local-node .INMSG This section discusses storage considerations for RACF RACF Storage ConsiderationsVirtual Storage Figure 21 estimates RACF virtual storage usage, for planning purposesCustomer Additions to the CDT Subpoolinformation, OS/390see Security Server Templates for RACF onOS/390 Release Systemand IRRSXT00 Chapter 6. Customization ConsiderationsExit Processing Effects of OS/390 OpenEdition DCEIRRSXT00 Installation Exit RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01Cross-Linking Between RACF Users Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide signonSignon to DCEUUIDS ClassActivating OS/390 OpenEdition DCE Application Considerations single signon restrictionsOpenEditionsee DCE Administration .Guidethe DCE Encryption Key Library Reference OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerThreads and Restrictions Changes to RACF Authorization Processingcallable servicepthread orsecuritynp Utility Rdceruid Callable ServiceEnhancements to the Chapter 7. Administration Considerations43 SYSMVIEWPage Auditors Guide and OS/390 Chapter 8. Auditing ConsiderationsSMF Records Server RACF MacrosAuditing New OS/390 ServicesInterfaces Report Writer Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support SMF Data Unload UtilityPage Chapter 9. Operational Considerations CommandOS/390 Security Server RACF Command Language Referencefor more Enabling and DisablingPage Servers Chapter 10. Application Development Considerations2000 Support 01yydddFNew Application Services and Security pthread the securitynpChanges to the Class Descriptor Table ServiceNew Application Authorization Programming InterfacesŸ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Ÿ “Routines” on pageOpenEdition Chapter 11. General UserConsiderations Reference forPage OW08457 Chapter 12. NJE ConsiderationsAPAR OW14451 After Applying the PTFUACC Actions RequiredOW08457 NODESGROUP APAR OW15408FAILSAFE Page Nodes Chapter 13. ScenariosMigrating an Existing RRSFprefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEMIAMI2 DELETEOn ORLANDO RACF DiagnosisDELETE prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Note Theaccess Glossarydirection Page Seeinventory Seegeneral-use programmingprogramming Seelogical Seemultisystemlogical other.single-system supervisorytask segment andDFP Index A classes continuedcontinued Page SFSCMD SERVERKEYSMSTR utilitiescontinued Page Now you can! TheIBM Online Library Productivity IBM Edition OS/390 Security Server RACF Information Page Page Communicating Your Comments to IBM commentsPublication No. GC28-1920-01 Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Note CopiesBUSINESS MAILREPLY IBMPage Drop in Back Cover Image Here IBMGC28-192ð-ð1
Top Page Image Contents