IBM GC28-1920-01 manual other.single-system, supervisory

Page 94

RRSF nodes that are logically connected, from MVSX's point of view MVSY is a remote node, and from MVSY's point of view MVSX is a remote node. See also local node, target node.

Resource Access Control Facility (RACF). An IBM-licensed product that provides for access control by identifying and verifying users to the system, authorizing access to protected resources, logging detected unauthorized attempts to enter the system, and logging detected accesses to protected resources.

resource profile. A profile that provides RACF protection for one or more resources. User, group, and connect profiles are not resource profiles. The information in a resource profile can include the data set profile name, profile owner, universal access authority, access list, and other data. Resource profiles can be discrete profiles or generic profiles. See discrete profile and generic profile.

root. (1) The starting point of the file system. (2) The first directory in the system. (3) See appropriate privileges.

RRSF. See RACF remote sharing facility.

RRSF logical node connection. Two RRSF nodes are logically connected when they are properly configured to communicate via APPC/MVS, and they have each been configured via the TARGET command to have an OPERATIVE connection to the other.

RRSF network. Two or more RRSF nodes that have established RRSF logical node connections to each other.

RRSF node. One or more MVS system images with MVS/ESA 4.3 or later installed, RACF 2.2 installed, and the RACF subsystem address space active. See also RRSF logical node connection.

S

SAF. System authorization facility.

security. See data security.

security classification. The use of security categories, a security level, or both, to impose additional access controls on sensitive resources. An alternative way to provide security classifications is to use security labels.

SFS. Shared file system

shared file system (SFS). A part of CMS that lets users organize their files into groups known as directories and selectively share those files and directories with other users.

shell. (1) In OpenEdition MVS, a program that interprets and processes interactive commands from a pseudoterminal or from lines in a shell script. (2) A program that interprets sequences of text input as commands. It may operate on an input stream, or it may interactively prompt and read commands from a terminal. Synonymous with command language interpreter. (3) A software interface between a user and the operating system of a computer. Shell programs interpret commands and user interactions on devices such as keyboards, pointing devices and touch-sensitive screens and communicate them to the operating system. (4) The command interpreter that provides a user interface to the operating system and its commands. (5) The program that reads a user's commands and executes them. (6) The shell command language interpreter, a specific instance of a shell. (7) A layer, above the kernel, that provides a flexible interface between users and the rest of the system. (8) Software that allows a kernel program to run under different operating system environments.

SIGNON request. The issuing of the RACROUTE macro with REQUEST=SIGNON specified. A SIGNON request is used to provide management of the signed-on lists associated with persistent verification (PV), a feature of the APPC architecture of LU 6.2.

single-system RRSF node. An RRSF node consisting of one MVS system image.

SMF records. See RACF SMF data unload utility.

STAT request. The issuing of the RACROUTE macro with REQUEST=STAT specified. A STAT request determines if RACF is active and optionally, whether a given resource class is defined to RACF and active. The STAT request replaces the RACSTAT function.

structure. See cache structure.

supervisor. The part of a control program that coordinates the use of resources and maintains the flow of processing unit operations. Synonym for supervisory routine.

supervisory routine. A routine, usually part of an operating system, that controls the execution of other routines and regulates the flow of work in a data processing system. Synonymous with supervisor.

syscall. In OpenEdition MVS, deprecated term for callable service.

sysplex. A set of MVS systems communicating and cooperating with each other through multisystem hardware elements and software services to process customer workloads.

70 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration
