IBM GC28-1920-01 manual Actions Required, OW08457, Uacc, Nodes, Addmem&Dfltgrp


Actions Required

With OW08457 and OW14451, group propagation and group translation has been fixed for NODES profiles, both for batch jobs and for SYSOUT. This ch
significantly alter the external results of your NJE environment and you must decide what changes will best suit your needs.

Case 1: Nodes defined to &RACLNDE.

For nodes defined to the RACFVARS variable &RACLNDE, there is no change (group propagation still does not occur, and group translation was never
It was determined that fixing group propagation for this case would
disruption, so it was left unchanged. Remember that if a node is def
&RACLNDE, no NODES profile lookup will take place.

Case 2: Getting NODES externals to work as they did prior to OW08457 and OW14451

Your installation might decide to continue to base NJE security primari
user ID, and let the resulting job or SYSOUT take that user ID's de
purposes of verification. This was the case prior to these APARs. Thes
steps suggested for achieving the same effect with the revised ext

Note: The changes listed below in steps 1 and 2 must be made on all
where you want processing to work as it did prior to OW08457 and OW14451.

Step 1:

Delete all GROUPJ and GROUPS NODES profiles that have a UACC value greater than or equal to READ. These profiles were previously irrelevant but now result in failing jobs or unowned SYSOUT. Note that GROUPJ and GROUPS NODES profiles with a UACC value of NONE already worked and still work as documented.

Step 2:

Create a NODES profile of the format nodeid.GROUP%.* UACC(READ) ADDMEM(&DFLTGRP) for each node for which you expect inbound work. If no more-specific NODES profiles exist than nodeid.GROUP%.* that would protect inbound work (e.g. nodeid.*.*), the profile *.GROUP%.* UACC(READ) ADDMEM(&DFLTGRP) can be created instead of the individual nodeid.GROUP%.* profiles. After the NODES profiles are created, do any necessary refr
in-storage profiles. The new profile(s) cause RACF to use the default NJE verification after the user ID has been propagated and possibly
Note that without step 1 above, there could be more specific GROUP
"GROUPS" profiles so that the &DFLTGRP wouldn't be used consistently, resulting in problems described above.
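One way to plan steps 1 and 2 of Case 2 from a listing of NODES profiles, as an added example that is not part of the IBM manual. The profile list and the node names NODEA and NODEB are constructed, the script always generates per-node nodeid.GROUP%.* profiles rather than the *.GROUP%.* alternative, and the final refresh command assumes the NODES class is RACLISTed on your system.

```python
# Added example: plan the Case 2 clean-up from a list of NODES profiles.
# UACC levels in increasing order of access.
UACC_ORDER = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Constructed sample data (profile name, UACC); not from a real RACF database.
SAMPLE_PROFILES = [
    ("NODEA.GROUPJ.*", "READ"),
    ("NODEA.GROUPS.PAYROLL", "UPDATE"),
    ("NODEA.USERJ.*", "READ"),        # user profile: out of scope for step 1
    ("NODEB.GROUPJ.TEST", "NONE"),    # UACC(NONE): works as documented, keep
    ("*.GROUPS.*", "CONTROL"),
]

def is_group_profile(name):
    """True for nodeid.GROUPJ.name and nodeid.GROUPS.name profiles."""
    parts = name.upper().split(".")
    return len(parts) == 3 and parts[1] in ("GROUPJ", "GROUPS")

def step1_deletions(profiles):
    """Step 1: GROUPJ/GROUPS profiles whose UACC is READ or higher."""
    read = UACC_ORDER.index("READ")
    return [name for name, uacc in profiles
            if is_group_profile(name)
            and UACC_ORDER.index(uacc.upper()) >= read]

def plan_commands(profiles, inbound_nodes):
    """Return the RACF commands for steps 1 and 2, in order."""
    existing = {name.upper() for name, _ in profiles}
    cmds = [f"RDELETE NODES {name}" for name in step1_deletions(profiles)]
    for node in sorted({n.upper() for n in inbound_nodes}):
        target = f"{node}.GROUP%.*"
        if target not in existing:    # do not redefine a profile already there
            cmds.append(
                f"RDEFINE NODES {target} UACC(READ) ADDMEM(&DFLTGRP)")
    # Assumption: NODES is RACLISTed, so in-storage profiles need a refresh.
    cmds.append("SETROPTS RACLIST(NODES) REFRESH")
    return cmds

if __name__ == "__main__":
    for cmd in plan_commands(SAMPLE_PROFILES, ["NODEA", "NODEB"]):
        print(cmd)
```

Review the generated commands before issuing them, and repeat the run on every system where the pre-APAR behaviour is wanted.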


Case 3: Making use of group propagation in NJE security

Because group propagation and group translation were not functional until
RACF recommends the following steps for making the transition to this func

Step 1:

58 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration
