IBM GC28-1920-01 manual

Page 90

user ID on the same or a different RRSF node. Before a command can be directed from one user ID to another, a user ID association must be defined between them via the RACLINK command.

command interpreter. A program that reads the commands that you type in and then executes them. When you are typing commands into the computer, you are actually typing input to the command interpreter. The interpreter then decides how to perform the commands that you have typed. The shell is an example of a command interpreter. Synonymous with command language interpreter. See also shell.

command language interpreter. Synonym for command interpreter.

coupling facility. The hardware element that provides high-speed caching, list processing, and locking functions in a sysplex.

D

Data Facility Product (DFP). A program that isolates applications from storage devices, storage management, and storage device hierarchy management.

data security. The protection of data from unauthorized disclosure, modification, or destruction, whether accidental or intentional.

data security monitor (DSMON). A RACF auditing tool that produces reports enabling an installation to verify its basic system integrity and data-security controls.

data set profile. A profile that provides RACF protection for one or more data sets. The information in the profile can include the data-set profile name, profile owner, universal access authority, access list, and other data. See discrete profile and generic profile.

data sharing mode. An operational RACF mode that is available when RACF is enabled for sysplex communication. Data sharing mode uses global resource serialization protocol that allows concurrent RACF instances to directly access and change the same database while maintaining data integrity as always. Data sharing mode requires installation of coupling facility hardware.

default group. In RACF, the group specified in a user profile that is the default current connect group.

DEFINE request. The issuing of the RACROUTE macro with REQUEST=DEFINE specified. Also, using a RACF command to add or delete a resource profile causes a DEFINE request. The DEFINE request replaces the RACDEF function.

DFP. See Data Facility Product.

DFP segment. The portion of a RACF profile containing information relating to the users and resources that are managed by the data facility product (DFP).

DIRAUTH request. The issuing of the RACROUTE macro with REQUEST=DIRAUTH specified. A DIRAUTH request works on behalf of the message-transmission managers to ensure that the receiver of a message meets security-label authorization requirements.

directed command. A RACF command that is issued from a user ID on an RRSF node. It runs in the RACF subsystem address space on the same or a different RRSF node under the authority of the same or a different user ID. A directed command is one that specifies AT or ONLYAT. See also command direction and automatic command direction.

directory. (1) A type of file containing the names and controlling information for other files or other directories. (2) A construct for organizing computer files. As files are analogous to folders that hold information, a directory is analogous to a drawer that can hold a number of folders. Directories can also contain subdirectories, which can contain subdirectories of their own. (3) A file that contains directory entries. No two directory entries in the same directory can have the same name. (4) A file that points to files and to other directories. (5) An index used by a control program to locate blocks of data that are stored in separate [...] of a data set in direct access storage.

discrete profile. A resource profile that can provide RACF protection for only a single resource. For example, a discrete profile can protect only a single data set or minidisk.

DSMON. See data security monitor.

E

entity. A user, group, or resource (for example, a DASD data set) that is defined to RACF.

EXTRACT request. The issuing of the RACROUTE macro with REQUEST=EXTRACT specified. An EXTRACT request retrieves or replaces certain specified fields from a RACF profile or encodes certain clear-text (readable) data. The EXTRACT request replaces the RACXTRT function.

66 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

OS/390 Security Server (RACF) Planning: Installation and Migration. Second Edition, September 1996. Publication No. GC28-1920-01.