IBM GC28-1920-01 manual task

Page 95

sysplex communication. An optional RACF function that allows the system to use XCF services and communicate with other systems that are also enabled for sysplex communication.

system authorization facility (SAF). An MVS component that provides a central point of control for security decisions. It either processes requests directly or works with RACF or another security product to process them.

system call. In OpenEdition MVS, synonym for callable service.

T

target node. An RRSF node that a given RRSF node is logically connected to, as a result of a TARGET command. The local node is a target node of itself, and all of its remote nodes are target nodes. See also local node, remote node.

task. (1) A basic unit of work to be accomplished by a computer. The task is usually specified to a control program in a multiprogramming or multiprocessing environment. (2) A basic unit of work to be performed. Some examples include a user task, a server task, and a processor task. (3) A process and the procedures that run the process. (4) In a multiprogramming or multiprocessing environment, one or more sequences of instructions treated by a control program as an element of work to be accomplished by a computer. (5) The basic unit of work for the MVS system.

TOKENBLD request. The issuing of the RACROUTE macro with REQUEST=TOKENBLD specified. A TOKENBLD request builds a UTOKEN.

TOKENMAP request. The issuing of the RACROUTE macro with REQUEST=TOKENMAP specified. A TOKENMAP request maps a token in either internal or external format, allowing a caller to access individual fields within the UTOKEN.

TOKENXTR request. The issuing of the RACROUTE macro with REQUEST=TOKENXTR specified. A TOKENXTR request extracts a UTOKEN from the current address space, task or a caller-specified ACEE.

transaction program (TP). A program used for cooperative transaction processing within an SNA network. For APPC/MVS, any program on MVS that issues APPC/MVS or CPI Communication calls, or is scheduled by the APPC/MVS transaction scheduler.

TSO segment. The portion of a RACF profile containing TSO logon information.

U

UACC. See universal access authority.

UID. See user identifier.

universal access authority (UACC). The default access authority that applies to a resource if the user or group is not specifically permitted access to the resource. The universal access authority can be any of the access authorities.

user. A person who requires the services of a computing system.

user ID. A string of characters that uniquely identifies a user to a system. A user ID is 1 to 8 alphanumeric characters. On TSO, user IDs cannot exceed 7 characters and must begin with an alphabetic, #, $, or @ character.

user identification and verification. The acts of identifying and verifying a RACF-defined user to the system during logon or batch job processing. RACF identifies the user by the user ID and verifies the user by the password or operator identification card supplied during logon processing or the password supplied on a batch JOB statement.

user identifier (UID). (1) A unique string of characters that identifies an operator to the system. This string of characters limits the functions and information the operator can use. (2) A non-negative integer, which can be contained in an object of type uid_t, that is used to identify a system user. When the identity of a user is associated with a process, a user ID value is referred to as a real user ID, an effective user ID, or an (optional) saved set-user-ID. (3) The identification associated with a user or job. The two types of IDs are:

• RACF user ID: A string of characters that uniquely identifies a RACF user or a batch job owner to the security program for the system. The batch job owner is specified on the USER parameter on the JOB statement or inherited from the submitter of the job. This user ID identifies a RACF user profile.

• OMVS user ID: A numeric value between 0 and 2147483647, called a UID (or sometimes a user number), that identifies a user to OpenEdition services. These numbers appear in the RACF user profile for the user.

A user ID is equivalent to an account on a UNIX-type system.

(4) A symbol identifying a system user. (5) Synonymous with user identification.

user name. (1) In RACF, one to 20 alphanumeric characters that represent a RACF-defined user. (2)

Glossary 71
