Manuals / IBM / Computer Equipment / Server

IBM GC28-1920-01 Customization Considerations, Exit Processing, and IRRSXT00, Support on, Exits

Models: GC28-1920-01

1 110

Download 110 pages 26.8 Kb

Page 59

Chapter 6. Customization Considerations

Chapter 6. Customization Considerations

This chapter identifies customization considerations for RACF.

For additional information,OS/390see Security Server (RACF) System

Programmer's Guide.

Customer Additions to the CDT

Installations must verify that classes	they have added to the class
(CDT) do not conflict with new classes	shipped with RACF. If duplicate
entries are detected, the following	error messages are issued at

ŸFor a duplicate router table entry, RACF issues this message and processing:ICH527I RACF DETECTED AN ERROR IN THE INSTALLATION ROUTER

TABLE, ENTRY class_name, ERROR CODE 1.

ŸFor a duplicate CDT entry, RACF issues this message and enters fa

ICH511I RACF DETECTED AN ERROR IN THE INSTALLATION CLASS DESCRIPTOR TABLE, ENTRY class_name, ERROR CODE 7.

If a conflict in class names occurs, you must delete the profiles installation-defined class with the conflicting name, delete the CDT ent class, add a CDT entry with a different name, and redefine the pr

Do not assemble the user-defined CDT (ICHRRCDE) on OS/390 Release 2 a attempt to use it on a system running RACF at a lower level than RACF

Exit Processing

Installation-written exits might be affected by new function introduce Release 2 Security Server (RACF).

Effects of OS/390 OpenEdition DCE	Support on	ICHRCX01, ICHRCX02,
and IRRSXT00
OS/390 OpenEdition	DCE support	can affect:

Ÿ The RACROUTE REQUEST=AUTH preprocessing and processing exits

ŸThe IRRSXT00 installation exit

RACROUTE REQUEST=AUTH Preprocessing			and
Postprocessing		Exits
RACF	support	for OS/390 OpenEdition DCE introduces new indicators in the
ACEE.	These	indicators mark	the ACEE clientas a ACEE. Client ACEEs are

created by OS/390 OpenEdition and RACF on behalf of multithreaded unau application servers on OS/390. There are two types of client ACEE:

ŸUnauthenticated client ACEE

When	an unauthenticated client ACEE is used in an access control de
two	authorization checks occur.

 Copyright IBM Corp. 1994, 1996

35

Image 59

IBM GC28-1920-01 Customization Considerations, Exit Processing, and IRRSXT00, Effects of OS/390 OpenEdition DCE, Exits

Contents

Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page OS/390 Security Server RACF Planning Installation and Migration1996. All Second Edition, SeptemberPage Page Migration ContentsAuditing Considerations Administration ConsiderationsCustomization Considerations 10. Application Operational ConsiderationsIndex ChapterPage Figures Page Notices Trademarks xiii How to Use ThisAbout This Book Who Should Use This BookServer Where to Find More InformationSoftcopy Publications Ÿ The OS/390 Security Server RACF Information , PackageSK2T-2180Ÿ Tutorial Options for Tuning GG22RACF Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Using thelistserv@uga.cc.uga.edu Other Sources of InformationIBM Discussion Areas Internet SourcesTo Request Copies of PublicationsFeatures OS/390xviii V2R5TSO/E ServiceŸ OpenEditionProduct OSA/SFPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations General User Considerations Auditing ConsiderationsOperational Considerations Application Development ConsiderationsPage New and Enhanced Support Chapter 2. Release Overviewintroduced in OS/390 Release OS/390 OpenEdition DCEidentifies functionCheck ConceptsSOMobjects for MVS Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights OS/390 OpenEditionsystems Multisystem NodesRRSF Network non-mainTARGET OS/390 Enable and Disable FunctionsYear Facility NetView1.10 classesthat Function Not Upgradedupdated for identifies functionClass Descriptor Table CDT Components forRelease 3. Summary ofthere Commandslists classes whichChapter 3. Summary of Changes to RACF Components for OS/390 15Release CommandDescription Supportgeneral-use programming interface GUPI data are Data AreasExits lists changedRACF macros MacrosMessages Figure 12 lists changesRACF Database Split/Merge Utility IRRUT400 New MessagesChanged Messages MessagesFigure 13 lists RACF panels that are PanelsPublications Library RoutinesRACROUTE REQUEST=EXTRACT SYS1.SAMPLIBTemplates Figure 16 identifies changes to RACF members of SYS1.SAMPLIBSupport UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release Template0280 UtilityMigration Strategy OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Chapter 4. Planning ConsiderationsRACF Migration and Planning for RACF RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements Software RequirementsRequirements CompatibilityCompatibility Considerations for Remote Sharing Page Networks Chapter 5. Installation ConsiderationsEnabling RACF Considerationsinstall multisystem R installationconfigured are in your existing workspace data sets when youmust Chapter 5. Installation Considerations29local-lu prefixnodename sysnameprefix.local-node.local-node .INMSG Figure 21 estimates RACF virtual storage usage, for planning purposes RACF Storage ConsiderationsVirtual Storage This section discusses storage considerations for RACFFormula for averageprofilesize Customer Additions to the CDTSubpool System Templates for RACF onOS/390 Release information, OS/390see Security ServerEffects of OS/390 OpenEdition DCE Chapter 6. Customization ConsiderationsExit Processing and IRRSXT00RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 IRRSXT00 Installation Exitsignon Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide Cross-Linking Between RACF UsersActivating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions SOMobjects for MVS Rdceruid Callable ServiceUtility Enhancements to theSYSMVIEW Chapter 7. Administration Considerations43SystemView for MVS Page Server RACF Macros Chapter 8. Auditing ConsiderationsSMF Records Auditors Guide and OS/390Interfaces ServicesAuditing New OS/390 SMF Data Unload Utility Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support Report WriterPage Enabling and Disabling CommandOS/390 Security Server RACF Command Language Referencefor more Chapter 9. Operational ConsiderationsPage 01yydddF Chapter 10. Application Development Considerations2000 Support Serverspthread the securitynp New Application Services and SecurityProgramming Interfaces ServiceNew Application Authorization Changes to the Class Descriptor TableŸ “Routines” on page Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on pageReference for Chapter 11. General UserConsiderations OpenEditionPage After Applying the PTF Chapter 12. NJE ConsiderationsAPAR OW14451 OW08457NODES Actions RequiredOW08457 UACCSecurity APAR OW15408Server RACFPage RRSF Chapter 13. ScenariosMigrating an Existing NodesprefixTARGET NODEMIAMI2 DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEORLANDO DELETEOn ORLANDO RACF DiagnosisSecurity ServerNote The prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACEOn MIAMI2 direction Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seemultisystem Seelogicallogical supervisory other.single-systemtask segment andDFP classes continued Index Acontinued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page comments Communicating Your Comments to IBMNote Copies Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Publication No. GC28-1920-01IBM MAILREPLY BUSINESSPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here