Chapter 12. NJE Considerations
Several APARs shipped on OS/390 Release 2 Security Server (RACF) have implications for NJE.
APAR OW14451
OS/390 Release 2 Security Server | (RACF) | includes | a | PTF | that | provides | f | ||||||||||||||||||
that | change | the | way |
| inbound | NJE |
| jobs | and | NJE |
| sysout | are | handled | by | ||||||||||
your | installation | uses |
| NJE | and | RACF | nodes profiles | it | is imperative | tha | |||||||||||||||
and understand this chapter before installing the new RACF release. Th | |||||||||||||||||||||||||
information | includes | a |
| brief overview of NJE security | before | and | af | ||||||||||||||||||
this release and the actions required to assure that the PTF has n | |||||||||||||||||||||||||
consequences | on your | system. It also includes information on how you | |||||||||||||||||||||||
the | enhanced | function |
| introduced | by this | PTF to | further | implement | sec | ||||||||||||||||
on your system. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
Note: | APAR | OW08457 | shipped | on | RACF | releases | prior |
| to | RACF | 2.2. The | code | |||||||||||||
| that shipped for OW08457 was in the RACF | 2.2 | base |
| program | (the | |||||||||||||||||||
| version) | and | OS/390 | Release | 1 | Security | Server | (RACF). | OW14451 | fix | |||||||||||||||
| some problems introduced by OW08457 that | are | in | the |
| RACF | 2.2 | b | |||||||||||||||||
| OS/390 Release | 1 | Security | Server | (RACF). The | phrase | “prior | to | OW0 | ||||||||||||||||
| means | “prior | to | RACF 2.2 and prior to OS/390 | Release | 1 Security | |||||||||||||||||||
| (RACF).” | In | any | case, OS/390 Release 2 Security Server (RACF) | us | ||||||||||||||||||||
| should be aware of the possible implications of the changes | O | |||||||||||||||||||||||
| OW14451 | have | on |
| NJE | processing. |
|
|
|
|
|
|
|
|
|
|
|
|
| ||||||
Before Applying the PTF | for | APAR | OW08457 |
|
|
|
|
|
|
|
| |
Prior | to | the | application of | OW08457, | RACF | did not | perform any | security | ||||
or propagation for groups associated with NJE jobs or | SYSOUT. RACF us | |||||||||||
profiles of the form NODEID.USER%.* ADDMEM(USERID) | with a | UACC | or | read | ||||||||
higher | to | translate | USERIDs | from the submitting | userid | to | an | executi | ||||
the receiving system. This type of translation was not | available | for | ||||||||||
groups. The execution | group | became | the | default | group | of | the | transla | ||||
After Applying the PTF | for | APAR | OW08457 |
|
This | PTF enables | group translation and propagation for NJE jobs | and SYSO | |
With | this | fix | applied the submitting group is propagated to | become |
group for jobs and the owning group for SYSOUT in the absence of a NODEID.GROUP%.GROUPID profiles. This service introduces the ability to
translate | groups | with | NODEID.GROUP%.GROUPID |
| profiles by | using | an | ADDMEM | |||||
with a | UACC of READ or higher. An ADDMEM | of | &DFLTGRP | will | cause | the | |||||||
USERIDs | default | group | to be | used as | the | execution | or | owning | group. | ||||
NONE on the GROUP% profile will work as | it | always | has. Because | NODES | |||||||||
profiles | only | affect | inbound | NJE work, | no | profile | changes | need | to be | ||||
outbound | NJE | work. |
|
|
|
|
|
|
|
|
|
| |
Copyright IBM Corp. 1994, 1996 | 57 |