Glossary

Glossary

A

 

 

 

 

 

 

 

 

 

 

 

 

active. See alsoutomatic password directionand

 

 

 

 

 

 

 

 

 

 

 

 

 

 

command

direction.

 

 

 

 

 

 

 

 

 

 

access .

The

 

ability

to

obtain the

use

of

a

protected

.

An

RRSF

function

that

 

 

resource.

 

 

 

 

 

 

 

 

 

 

automatic

direction

 

 

 

 

 

 

 

 

 

 

 

 

automatically directs commands and password-related

access

authority

 

.

An

authority

related

to

a

updates to one or more remote systems. See also

 

request

for

 

 

 

 

 

 

 

 

 

 

 

a type of

access

to

protected

 

 

 

automatic

command directionandautomatic password

 

resources. In

RACF,

the

 

 

 

 

 

 

 

 

 

 

 

access authorities are NONE, EXECUTE, READ,

direction.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

UPDATE,

CONTROL,

 

and

ALTER.

 

 

 

 

 

automatic

password

direction

 

.

An

extension

of

 

 

accessor

environment

element

(ACEE)

 

.

A

 

 

password

synchronization

and

automatic

command

 

 

 

 

direction

that causes

RACF

to

automatically

change

description

of

the

 

current

user,

including

 

user

ID,

for

a

user

 

ID

on

 

one

or

more

remote no

current

connect

group, user

attributes,

and

password

 

 

group

the password

for that

user ID

is

changed

 

 

 

 

 

 

 

 

 

 

 

 

 

after

authorities. An ACEE is constructed during userlocal node. Profiles in the RRSFDATA class control for

identification

 

and

verification.

 

 

 

 

 

 

direction are active. passwordSee also

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ACEE .

 

Seeaccessor

environment

 

element.

 

 

 

 

synchronization,

 

automatic

command

direction, and

 

 

 

 

 

 

 

 

automatic

direction.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

appropriate

privileges

 

 

.

 

In

the

 

OpenEdition

 

MVS

 

Cor

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

implementation, superuser authority. A trusted

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

privileged attribute is an attribute associated with a

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

started

procedure

address

 

space

and

with

any

 

 

process

.

 

A

coupling

facility

structure

that

associated

with

the

address

space.

 

 

 

 

cache

 

structure

 

 

 

 

 

contains data accessed by systems in a sysplex.

AUDIT

request

 

.

 

The

issuing

of

the

 

 

 

 

 

provides

a

way

for

multiple

systems

to

determine t

 

 

RACROUTE macro

 

 

 

 

of

copies

 

of

the

cache

 

structure

data

with

REQUEST=AUDIT

 

specified. An

AUDIT

 

 

validity

 

 

 

request

is

storage.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

local

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

a general-purpose security-audit request that can

be

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

used to

audit

a

specified

 

resource

 

name

and

 

action.

.

 

In

 

OpenEdition

 

MVS,

a

request

by

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

callable

 

 

service

 

 

 

AUTH

request

 

.

 

The

issuing

of

 

the

RACROUTE

 

an

active process

 

for

a

service. Synonymous

with

 

 

 

macro

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

with

REQUEST=AUTH

specified. The

primary

 

 

syscall, system call.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

function

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

of

an

AUTH

request

is

to

check

a

user's

authorization

to

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

CDT .

 

Seeclass

descriptor. table

 

 

 

 

 

 

 

a RACF-protected resource or function. The AUTH

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

request

replaces

 

the

RACHECK

 

function. See

also

 

 

 

A

collection

 

of

RACF-defined

entities

(users,

authorization

checking.

 

 

 

 

 

 

 

 

 

 

 

class .

 

 

 

 

 

 

 

 

 

 

 

 

groups, and resources) with similar characteristics.

authority .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

class

 

names

are

USER,

GROUP,

 

DATASET,

and

the

 

 

The

right

to

access

objects,

resources,

or

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

classes that are defined in the class descriptor

functions. Seeaccess authority, class authority,nd

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

group

authority.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

class

 

 

authority

(CLAUTH)

 

.

An

authority

 

enabling

a

 

authorization

checking

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

user to define RACF profiles in a class defined

 

 

.

The

action

of determining

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

class descriptor table. A user can have class

 

whether

a

user

is

permitted

access

to

a

protected

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

authorities to one or more classes.

 

 

 

 

resource. RACF performs authorization checking as a

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

result of a RACROUTE REQUEST=AUTH or

 

 

 

 

class

 

 

descriptor

table

 

(CDT) .

 

A table

consisting of

an

RACROUTE

REQUEST=FASTAUTH.

 

 

 

 

 

 

 

 

 

 

 

entry

 

for each class except the USER, GROUP, and

automatic

command

direction

 

 

 

.

An

 

 

extension

of

 

DATASET

 

 

classes. The

 

table

is

generated

by

 

 

 

 

 

 

 

 

executing

the

ICHERCDE

macro

once

for

each

class.

command

direction

that

causes

RACF

to

 

automatically

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The class descriptor table contains both the IBM

direct

certain

commands

to

one

or

more

remote

nodes

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

provided classes and also the installation defined

after

running

the

 

commands

on

 

the

issuing

node.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

classes.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Commands can be automatically directed based on who

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

issued

the

command,

the

command

name,

 

or

the profile

Seeclass

authority.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

CLAUTH

 

 

 

.

 

 

 

 

 

 

 

 

 

class related to the command. Profiles in the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSFDATA class control to which commands

 

are

 

command

 

 

direction

 

.

 

A

RRSF

function

that

allows

a

 

automatically

directed

when

 

automatic

 

directionuseris to

issue

 

a

 

command

from

one

user

ID

and

di

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

that

 

 

command

to

 

run

 

under

the

authority

of

a

dif

 Copyright

IBM

Corp.

1994,

1996

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

65

 

 

 

Page 89
Image 89
IBM GC28-1920-01 manual Glossary, direction, access