OS/390 OpenEdition

OS/390 Release 2 OpenEdition adds new capabilities for which RACF provides support.

Authorizing and Auditing Server Access to the CCS and WLM Services

OS/390 Release 2 OpenEdition adds the capability to check whether ser authorized to use the console communications service (CCS) and the workload manager (WLM) service. RACF provides support for this capability by determining whether the server identity has authority to the service, and by a access to these services.

RACF provides two new audit function codes for these services. The aud based on the existing PROCESS class.

Auditing the Passing of Access Rights

OS/390 Release 2 OpenEdition implements the passing of access rights from one process to another. A sending process opens a file and passes the ope descriptor to a receiving process via a UNIX domain socket connection. writes SMF type 80 records when:

• The access rights are passed by the sending process.

• The access rights are received by the receiving process.

• The access rights are discarded by the receiving process without received.

RACF provides a new event code and 3 new audit function codes for th records. Auditing is based on the existing PROCACT class.
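The descriptor-passing mechanism described above, shown as an added example using the generic POSIX `SCM_RIGHTS` interface (not code from the IBM manual and not OS/390-specific). The two socket ends stand in for the sending and receiving processes, and the event labels are constructed for illustration and are not SMF field names.

```python
import array, os, socket, tempfile

def pass_rights(sock, fd):
    """Sending side: attach an open descriptor as SCM_RIGHTS ancillary data."""
    fds = array.array("i", [fd])
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def receive_rights(sock):
    """Receiving side: return the passed descriptor, or None if none arrived."""
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:len(data) - len(data) % fds.itemsize])
    return fds[0] if fds else None

def demo():
    """Constructed scenario walking through the three audited situations."""
    events = []                                # illustrative labels only
    fd, path = tempfile.mkstemp()              # the sender's open(): the only
    os.write(fd, b"constructed sample")        # point where file permissions
    os.lseek(fd, 0, os.SEEK_SET)               # are checked
    os.unlink(path)                            # no path left for the receiver to open
    sender, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)

    pass_rights(sender, fd)
    events.append("passed")
    got = receive_rights(receiver)
    events.append("received")
    data = os.read(got, 64)                    # receiver reads without ever opening the file
    os.close(got)

    pass_rights(sender, fd)
    events.append("passed")
    receiver.close()                           # closed with the descriptor still queued
    events.append("discarded")

    sender.close()
    os.close(fd)
    return data, events

if __name__ == "__main__":
    print(demo())
```

The receiver obtains the file contents even though the path no longer exists, which is why an audit trail that records only file opens would miss this transfer of access.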

SOMobjects for MVS

RACF provides support for Version 1 Release 2 of SOMobjects for MVS. A application running in an OS/2, AS/400, or MVS environment requesting distributed SOM (DSOM) services can have those services run in an MVS server. To support the use of remote objects with SOMobjects for MVS, RACF does the following:

• Authenticates the user as a valid and correct user through the pr password

• Verifies the user's access to use the requested server

• Verifies the server's access to use the method within the specif

• Verifies that only approved servers can register with the SOMobjects server daemon, preventing unauthorized users from starting trojan horse servers

SystemView for MVS

SystemView for MVS consists of programs that run on the user's workstation and programs that run on MVS. SystemView for MVS displays a Launch window that contains a customized task tree. This task tree represents systems management programs, or applications, to which the workstation user can get access information needed by the SystemView for MVS client code running in the workstation is created and stored on the MVS-based SystemView server s

8 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

IBM GC28-1920-01 manual OS/390 OpenEdition, SOMobjects for MVS, SystemView for MVS, Auditing the Passing of Access Rights