IBM GC28-1920-01 manual Glossary, direction, access


Glossary

A

access. The ability to obtain the use of a protected resource.

access authority. An authority related to a request for a type of access to protected resources. In RACF, the access authorities are NONE, EXECUTE, READ, UPDATE, CONTROL, and ALTER.

accessor environment element (ACEE). A description of the current user, including user ID, current connect group, user attributes, and group authorities. An ACEE is constructed during user identification and verification.

ACEE. See accessor environment element.

appropriate privileges. In the OpenEdition MVS implementation, superuser authority. A trusted or privileged attribute is an attribute associated with a started procedure address space and with any process associated with the address space.

AUDIT request. The issuing of the RACROUTE macro with REQUEST=AUDIT specified. An AUDIT request is a general-purpose security-audit request that can be used to audit a specified resource name and action.

AUTH request. The issuing of the RACROUTE macro with REQUEST=AUTH specified. The primary function of an AUTH request is to check a user's authorization to a RACF-protected resource or function. The AUTH request replaces the RACHECK function. See also authorization checking.

authority. The right to access objects, resources, or functions. See access authority, class authority, and group authority.

authorization checking. The action of determining whether a user is permitted access to a protected resource. RACF performs authorization checking as a result of a RACROUTE REQUEST=AUTH or RACROUTE REQUEST=FASTAUTH.

automatic command direction. An extension of command direction that causes RACF to automatically direct certain commands to one or more remote nodes after running the commands on the issuing node. Commands can be automatically directed based on who issued the command, the command name, or the profile class related to the command. Profiles in the RRSFDATA class control to which commands are automatically directed when automatic command direction is active. See also automatic password direction and automatic direction.

automatic direction. An RRSF function that automatically directs commands and password-related updates to one or more remote systems. See also automatic command direction and automatic password direction.

automatic password direction. An extension of password synchronization and automatic command direction that causes RACF to automatically change the password for a user ID on one or more remote nodes after the password for that user ID is changed on the local node. Profiles in the RRSFDATA class control for […] direction are active. See also password synchronization, automatic command direction, and automatic direction.

C

cache structure. A coupling facility structure that contains data accessed by systems in a sysplex. […] provides a way for multiple systems to determine the validity of copies of the cache structure data […] local storage.

callable service. In OpenEdition MVS, a request by an active process for a service. Synonymous with syscall, system call.

CDT. See class descriptor table.

class. A collection of RACF-defined entities (users, groups, and resources) with similar characteristics. […] class names are USER, GROUP, DATASET, and the classes that are defined in the class descriptor table.

class authority (CLAUTH). An authority enabling a user to define RACF profiles in a class defined in the class descriptor table. A user can have class authorities to one or more classes.

class descriptor table (CDT). A table consisting of an entry for each class except the USER, GROUP, and DATASET classes. The table is generated by executing the ICHERCDE macro once for each class. The class descriptor table contains both the IBM provided classes and also the installation defined classes.

CLAUTH. See class authority.

command direction. An RRSF function that allows a user to issue a command from one user ID and direct that command to run under the authority of a dif

Copyright IBM Corp. 1994, 1996
