user

ID

on

 

the

same

or

a

different

RRSF

nodecauses.Beforea DEFINE

 

request. The

DEFINE

request

 

 

 

 

a command can be directed from one user IDreplacesto

the

RACDEF

function.

 

 

 

 

 

 

 

 

 

 

 

 

 

another, a user ID association

must

be

defined

between

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

them

via

the

RACLINK

command.

 

 

 

 

 

 

 

 

DFP .

See

Data

 

Facility

Product.

 

 

 

 

 

 

 

 

 

command

interpreter

 

 

 

.

 

A

program

 

that

reads

theDFP

segment

 

.

The

portion

of

a

 

RACF

 

profile

 

 

 

 

commands

that

you

type

in

and

then

 

 

 

 

containing information relating to the users and

 

 

 

executes

them.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

When

you

are

typing

commands

into

the

 

 

resources

that

 

are

 

managed

 

by

 

the

 

data

facility

p

computer,

you

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

are

actually

typing

input

to

 

the

command

 

(DFP).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

interpreter.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The

interpreter

then

decides

how

 

to

 

perform

the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

commands

that

you

have

typed. The

 

shell

is

DIRAUTH

 

request

 

 

.

 

The

 

issuing

 

of

 

the

 

RACROUTE

 

 

 

 

 

an

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

macro with REQUEST=DIRAUTH specified. A

 

 

 

 

 

 

example of a command interpreter. Synonymous with

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

command

 

language

 

interpret. Sere

alsohell.

 

 

 

 

DIRAUTH

request

works on behalf of the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

message-transmission managers to

ensure

 

that

the

 

 

 

command

language

interpreter

 

 

 

 

.

Synonym

for

 

 

 

receiver

of a message meets security-label

 

 

 

 

command

 

interpreter.

 

 

 

 

 

 

 

 

 

 

 

 

authorization

requirements.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

coupling

facility

 

.

 

The

hardware

element

that

directed

command

 

 

.

 

A

RACF

command

that

 

is

issued

 

 

 

 

 

provides

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

from

 

a

user

ID

on

 

an

RRSF

node. It

runs

in

the

RAC

high-speed caching, list processing, and locking

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

functions

in

 

a

sysplex.

 

 

 

 

 

 

 

 

 

 

subsystem

address

space

on

 

the

same

or

a

differen

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF node under the authority of the same or a

 

D

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

different

user

 

ID. A directed command is one that

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

specifies

AT

or

 

ONLYAT. Seecommandalso

direction

 

 

 

 

 

Data

Facility

Product

(DFP)

 

 

 

 

 

 

 

 

 

 

 

 

and automatic

command

direction.

 

 

 

 

 

 

 

 

 

 

 

 

.

A

program

that

isolates

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

applications from storage devices, storage

directory .

(1) A type of file containing the names an

management, and storage device hierarchy

 

controlling

information for other files or other direc

management.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(2) A

construct

for

organizing

computer

files. As

files

data

security .

 

The protection of data from

are

 

analogous

to

folders

that

hold

 

information,

a

 

 

directory

is

analogous

to

a

drawer

 

that

can

hold

a

unauthorized

 

disclosure,

modification,

or

destruction,

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

whether

accidental

or

intentional.

 

 

 

 

 

number of folders. Directories can also contain

 

 

 

 

 

 

 

 

subdirectories,

 

which can contain subdirectories of

data

security

monitor

(DSMON)

 

 

.

A

 

RACF

auditing

 

own.

(3) A

file

that

 

contains

directory

entries. No

tw

 

 

 

 

directory

entries

in

the

same

directory

can

have

t

tool

that

produces

reports

enabling

an

 

 

installation

to

 

 

 

 

file

that

points to

 

files

and

 

to

ot

verify

its

basic

system

integrity

and

 

 

same

name. (4) A

 

 

 

data-security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

controls.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

directories. (5) An index used by a control program t

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

locate

blocks

of

data

that

 

are

stored in separate

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

data set profile . A profile that provides RACF

of

a

data

set

 

in

direct

access

storage.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

protection

for

one

or

more

data

sets. The

information

in

A

resource

profile

that

can

provide

the

profile

 

can

 

include

the

 

data-set

 

 

 

discrete

profile

 

.

 

 

 

 

profile

name,

profile

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

owner,

universal

 

access

authority,

access

 

RACF protection for only a single resource. For

 

 

 

 

list,

and

other

 

 

 

 

 

profile

can

protect

only

a

singl

data. Seediscrete

profileandg neric

profile.

 

 

 

example,

a

discrete

 

 

 

 

data

set

or

minidisk.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

data

sharing

mode

 

 

.

 

An

operational

RACF

mode

that

 

 

.

 

Seedata

 

security

.monitor

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DSMON

 

 

 

 

 

 

 

 

 

 

 

 

 

is available when RACF is enabled for sysplex

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

communication. Data sharing mode uses global

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

resource

serialization

protocol

that

allows

concurrent

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

E

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACF

instances

to directly access and change

the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

same database while maintaining data integrityentityas.

A

user,

 

group,

or

resource

 

(for

example,

a

always. Data

sharing

mode

requires

installationDASDof data

set)

that

 

is

defined

to

 

RACF.

 

 

 

 

 

coupling

facility

 

hardware.

 

 

 

 

 

 

 

 

EXTRACT

request

 

 

.

 

The issuing of the RACROUTE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

default

group

.

In

RACF,

the

group specified

inmacro

userwith

REQUEST=EXTRACT

specified. An

 

 

 

 

 

 

 

 

profile

that

is

the

default

current

connect EXTRACTgroup.request

retrieves

or

 

replaces

certain

 

 

 

 

DEFINE

request

 

 

.

 

The

issuing

of

the

RACROUTE

specified

fields from a RACF profile or encodes ce

 

 

 

clear-text

(readable) data. The EXTRACT request

 

 

 

macro

with

REQUEST=DEFINE

 

specified. Also,

using replaces

the

RACXTRT

 

function.

 

 

 

 

 

 

 

 

 

 

 

 

a RACF

 

command

to

add

or

delete

a

resource

profile

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

66 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

Page 90
Image 90
IBM GC28-1920-01 manual