IBM GC28-1920-01 manual logical

Page 93

• Daemon processes, which do systemwide functions in user mode, such as printer spooling

• Kernel processes, which do systemwide functions in kernel mode, such as paging

A process can run in an OpenEdition user address space, an OpenEdition forked address space, or an OpenEdition kernel address space. In an MVS system, a process is handled like a task. See also task. (4) An address space and one or more threads of control that execute within that address space, and their required system resources. (5) An address space and single thread of control that executes within that address space, and its required system resources. A process is created by another process issuing the fork() function. The process that issues fork() is known as the parent process, and the new process created by fork() is known as the child process. (6) A sequence of actions required to produce a desired result. (7) An entity receiving a portion of the processor's time for executing a program. (8) An activity within the system that is started by a command, a shell program, or another process. Any running program is a process. (9) A unique, finite course of events defined by its purpose or by its effect, achieved under given conditions. (10) Any operation or combination of operations on data. (11) The current state of a program that is running—including a memory image, the program data, the variables used, the general register values, the status of opened files used, and the current directory. Programs running in a process must be either operating system programs or user programs. (12) A running program, including the memory occupied, the open files, the environment, and other attributes specific to a running program.

product-sensitive programming interface (PSPI). A programming interface intended to be used only for specialized tasks such as: diagnosis, modification, monitoring, repairing, tailoring, and tuning of the IBM software product and that depends on or requires the customer to understand significant aspects of the design and implementation of the IBM software product. See also general-use programming interface (GUPI).

profile. Data that describes the significant characteristics of a user, a group of users, or one or more computer resources. See also data set profile, discrete profile, general resource profile, generic profile, group profile, and user profile.

program access to data sets (PADS). A RACF function that enables an authorized user or group of users to access one or more data sets at a specified access authority only while running a specified RACF-controlled program. See also program control.

program control. A RACF function that enables an installation to control who can run RACF-controlled programs. See also program access to data sets.

PSPI. See product-sensitive programming interface.

R

RACF. See Resource Access Control Facility.

RACF database. A collection of interrelated or independent data items stored together without unnecessary redundancy, to serve Resource Access Control Facility (RACF).

RACF remote sharing facility (RRSF). RACF services that function within the RACF subsystem address space to provide network capabilities to

RACF remove ID utility. A RACF utility which identifies references to user IDs and group IDs RACF database. The utility can be used to find references to residual user IDs and group IDs specified user IDs and group IDs. The output fr utility is a set of RACF commands that can be use remove the references from the RACF database aft review and possible modification by the customer.

RACF report writer. A RACF function that produces reports on system use and resource use from information found in the RACF SMF records.

RACF SMF data unload utility. A RACF utility that enables installations to create a sequential file f security relevant audit data. The sequential file used in several ways: viewed directly, used as i installation-written programs, and manipulated with sort/merge utilities. It can also be uploaded to database manager (for example, DB2) to process complex inquiries and create installation-tailored rep

RACF-protected. Pertaining to a resource that has either a discrete profile, an applicable generic a file or directory that doesn't have a profile, protected with the File Security Packet (FSP). A da set that is RACF-protected by a discrete profile also be RACF-indicated.

RACROUTE macro. An assembler macro that provides a means of calling RACF to provide securit functions. See also AUDIT request, AUTH request, DEFINE request, DIRAUTH request, EXTRACT request, FASTAUTH request, LIST request, SIGNON request, STAT request, TOKENBLD request, TOKENMAP request, TOKENXTR request, VERIFY request, and VERIFYX request.

remote logical unit (remote LU). See partner logical unit (partner LU). These two terms are interchangeable.

remote node. An RRSF node that is logically connected to a node from whose point of view you talking. For example, if MVSX and MVSY are two

Glossary 69

OS/390 Security Server RACF Planning Installation and Migration, Second Edition. Publication No. GC28-1920-01