IBM GC28-1920-01 manual

Glossary

F

FASTAUTH request. The issuing of the RACROUTE macro with REQUEST=FASTAUTH specified. The primary function of a FASTAUTH request is to check a user's authorization to a RACF-protected resource or function. A FASTAUTH request uses only in-storage profiles for faster performance. The FASTAUTH request replaces the FRACHECK function. See also authorization checking.

G

general resource. Any system resource, other than an MVS data set, that is defined in the class descriptor table (CDT). General resources are DASD volumes, tape volumes, load modules, terminals, IMS and CICS transactions, and installation-defined resource classes.

general resource profile. A profile that provides RACF protection for one or more general resources. The information in the profile can include the general resource profile name, profile owner, universal access authority, access list, and other data.

general-use programming interface (GUPI). An interface that IBM makes available for use in customer-written programs with few restrictions and that does not require knowledge of the detailed design or implementation of the IBM software product. See also product-sensitive programming interface (PSPI).

generic profile. A resource profile that can provide RACF protection for one or more resources. The resources protected by a generic profile have similar names and identical security requirements. For example, a generic data-set profile can protect one or more data sets.

GID. See group identifier.

group. A collection of RACF-defined users who can share access authorities for protected resources.

group authority. An authority specifying which functions a user can perform in a group. The group authorities are USE, CREATE, CONNECT, and JOIN.

group identifier (GID). (1) In OpenEdition MVS, a unique number assigned to a group of related users. The GID can often be substituted in commands that take a group name as an argument. (2) A non-negative integer, which can be contained in an object of type gid_t, that is used to identify a group of system users. Each system user is a member of at least one group. When the identity of a group is associated with a process, a group ID value is referred to as a real group ID, an effective group ID, one of the (optional) supplementary group IDs, or an (optional) saved set-group-ID.

group profile. A profile that defines a group. The information in the profile includes the group name, profile owner, and users in the group.

GUPI. See general-use programming interface.

H

HFS. See hierarchical file system.

hierarchical file system (HFS). Information is organized in a tree-like structure of directories. directory can contain files or other directories.

I

ICB. See inventory control block.

inventory control block (ICB). The first block in a RACF database. The ICB contains a general description of the database.

K

kernel. (1) In OpenEdition MVS, the part of an operating system that contains programs for such ta as I/O, management, and control of hardware and th scheduling of user tasks. (2) The part of the sys that is an interface with the hardware and provi services for other system layers such as system file system support, and device drivers. (3) The p an operating system that performs basic functions s as allocating hardware resources. (4) A program that can run under different operating system environments. See also shell. (5) A part of a program that must be central storage in order to load other parts of program.

L

LIST request. The issuing of the RACROUTE macro with REQUEST=LIST specified. A LIST request builds in-storage profiles for RACF-defined resources. The LIST request replaces the RACLIST function.

local logical unit (LU). Local LUs are LUs defined to the MVS system; partner LUs are defined to remote systems. It is a matter of point of view. From th of view of a remote system, LUs defined to that are local LUs, and those on MVS are the partner A partner LU might or might not be on the same s as the local LU. When both LUs are on the same system, the LU through which communication is initia
OS/390 Security Server RACF Planning Installation and Migration, Publication No. GC28-1920-01