IBM OS/390 , Exits

Figure 5. Changes to PSPI Data Areas

Data Area Description Support

AFC This data area maps the contents for the Open

Edition MVS security audit function codes. An audit

function code has been added to audit when

ck_priv is called from OpenEdition_spawn

(BPX1SPN).

Auditability of

super user

requests.

COMP This data area maps the common SAF/RACF

parameter list for Open Edition MVS security

functions. A new 24-byte DSECT ADMN has been

added. It includes addresses of the function-specific

parameter list structure, of the RACF user ID under

whose authority the service executes, of a fullword

containing the ACEE address under which this

service executes, of a caller-supplied area

containing the subpool in which output messages

are obtained, and of a fullword containing a pointer

to the RACF command output.

TME 10 GEM

user

administration

for OS/390

FAST FASTPLEN, FASTPVER, FASTALET, and

FASTLOGS have been added. DB2

FC This data area maps the Open Edition MVS

security function codes. A new constant

IRRSEQ00# has been added for function code 39 -

R_admin.

TME 10 GEM

user

administration

for OS/390

RCVT The RACF level in this data area has been updated

to 2040, to reflect the new FMID, HRF2240. New FMID

RFXP RFXPLEN, RFXPVERS, RFXALET, and RFXLOGS

have been added. DB2

SAFP This data area has been updated to reflect the new

RACF FMID, HRF2240. New FMID

Exits

Because two new keywords, ACEEALET and LOGSTR, were added to

RACROUTE REQUEST=FASTAUTH, there are changes to exit processing.

When the ACEEALET keyword is specified on the RACROUTE

REQUEST=FASTAUTH macro, the ACEE must be accessed using the ALET in the

RFXALET field of the RFXP parameter list. In all other cases, the ACEE can be

accessed in the current HOME address space. For cross-memory callers, this

means the ACEE must be accessed using an ALET of 2.

When the ACEEALET= keyword is specified, the sequence of exit, authorization,

and audit processing is the same as the sequence for cross-memory requests. This

sequence is:

ICHRFX03

Authorization processing

ICHRFX04

Audit processing

16 OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Contents

Main Page Page Fourth Edition, September 1997 Contents iv Figures Page Notices Page Trademarks Page About This Book OS/390 Security Server (RACF) Introduction not Who Should Use This Book How to Use This Book Where to Find More Information xii Server (RACF) Messages and Codes Online Library Omnibus Edition MVS Collection Kit, OS/390 Collection Kit IBM Systems Center Publications Other Sources of Information xiv IBM Discussion Areas Internet Sources To Request Copies of IBM Publications OS/390 Security Server (RACF) Information Package. Page Summary of Changes RACF Planning: Installation and Migration Page Chapter 1. Planning for Migration Migration Planning Considerations 2 Installation Considerations Customization Considerations Administration Considerations Auditing Considerations Application Development Considerations OS/390 Security Server External Security Interface (RACROUTE) Macro Reference OS/390 Security Server (RACF) Data Areas Page Chapter 2. Release Overview New and Enhanced Support RACF/DB2 External Security Module Enhancements to Support for OpenEdition Services 6 Extended Ability to Audit the Use of Superuser Status Default USER/GROUP OMVS Segment Provided by APAR OW26800 uuuu/gggg Run-Time Library Services Password History Enhancements userid 8 Tivoli Management Environment (TME) 10 Global Enterprise Management User Administration Service New FMID OW24966 Enhancements to TARGET Command prefix.sysname prefix.sysname wdsqual Enable/Disable Changes 10 Server (RACF) System Programmer's Guide OW26237 Enhancements of Global Access Checking Chapter 3. Summary of Changes to RACF Components for OS/390 Release 4 Callable Services Figure 2. Changed Callable Services Class Descriptor Table (CDT) Figure 3. New Classes Commands OS/390 Security Server (RACF) Command Language Reference . Figure 4 (Page 1 of 3). Changes toRACF Commands 14 Figure 4 (Page 3 of 3). Changes toRACF Commands wdsqual prefix.sysname prefix.wdsqual.ds_identity OS/390 Security Server (RACF) Command Language Reference 16 Exits Macros Messages New Messages Changed Messages Deleted Messages 18 Panels Figure 7. New Panels for RACF Figure 8. Changed Panels for RACF SYS1.SAMPLIB Figure 9 identifies change to the RACF member of SYS1.SAMPLIB. Figure 9. Change to SYS1.SAMPLIB 20 Publications Library Chapter 4. Planning Considerations Migration Strategy Migration Paths for OS/390 Release 4 Security Server (RACF) 22 RACF Planning: Installation and Migration Hardware Requirements Compatibility OpenEdition MVS For Auditability of Superusers For Default USER/GROUP OpenEdition Segment Page Chapter 5. Installation Considerations RACF Storage Considerations Virtual Storage Figure 11 (Page 2 of 3). RACF EstimatedStorage Usage 26 Templates for RACF on OS/390 Release 4 OS/390 Security Server (RACF) System Programmer's Guide Page Chapter 6. Customization Considerations OS/390 Security Server (RACF) System Programmer's Guide Customer Additions to the Router Table and the CDT RACF/DB2 External Security Module Customization 30 Exit Processing Chapter 7. Administration Considerations Server (RACF) Security Administrator's Guide The TMEADMIN Class Password History Changes Enhancements of Global Access Checking Chapter 8. Auditing Considerations Security Server (RACF) Auditor's Guide SMF Records Page Chapter 9. Application Development Considerations Programming Interfaces RELEASE=2.4 Keyword on Macros FASTAUTH Changes Page Chapter 10. General User Considerations Security Server (RACF) General User's Guide Password History Changes Page Glossary A class descriptor table system call syscall D E gid_t, shell inventory control block hierarchical file system L 42 logical unit remote node M R S 44 supervisory routine supervisor uid_t, T local node U TSO segment V user identification and verification W How to Get Your RACF CD IBM Online Library Productivity Edition OS/390 Security Server (RACF) Information Package Page Index A C D E H 50 See also I L R S T U V Page Readers' Comments We'd Like to Hear from You BUSINESS REPLY MAIL