You may choose to assign account numbers to your users for accounting or other purposes. This account number can be from 1-40 alphameric characters, not containing a blank, tab, quotation mark, apostrophe, comma, semicolon, or line control character. You use the RACF ACCTNUM resource class to authorize use of account numbers. Please refer to the TSO/E Customization book or the RACF Security Administrator's Guide for more details on account numbers.

TSO/E allows you to specify the authority to use or a restriction against using the ACCOUNT, OPERATOR, SUBMIT, STATUS, CANCEL, and OUTPUT commands by defining resource profiles in RACF's TSOAUTH resource class. Again, TSO/E Customization and the RACF Security Administrator's Guide have more information on this topic.

You use commands similar to the following to create a TSO/E user with roughly the capabilities of the ICCF System Administrator. You issue the RDEFINE command only once; for subsequent users that you add, you do not need the RDEFINE.

ADDUSER AAAA PASSWORD(secret) SPECIAL

ALTUSER AAAA TSO(PROC(LOGROUT))

RDEFINE TSOAUTH (ACCT JCL OPER MOUNT PARMLIB) UACC(NONE)

PERMIT ACCT CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)

PERMIT JCL CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)

PERMIT OPER CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)

PERMIT MOUNT CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)

PERMIT PARMLIB CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)

Of course, AAAA will not normally need authority to use the ACCOUNT command (ACCT resource in the TSOAUTH class), but it does not hurt for AAAA to have this authority and it may prove helpful at some time. As an administrator, though, AAAA could give himself this authority. You might also wish to choose different "universal access" rules (UACC) for the JCL resource, which gives the ability to submit batch jobs. Often all users can submit batch jobs, and you would assign a UACC of READ to cover this situation.

In this example, TSO/E user AAAA with password "secret" uses a LOGON procedure named LOGROUT. He has no default account number, and TSO/E does not check authority to use account numbers until you configure the RACF ACCTNUM class. AAAA has authority to use the ACCOUNT command (ACCT), the OPERATOR command (OPER), and the SUBMIT, STATUS, CANCEL, and OUTPUT commands (JCL). He is also able to request volume mounts as necessary. In addition, AAAA has authority to tell TSO/E, via the PARMLIB command, to change its configuration parameters. TSO/E will normally use the parameters contained in member IKJTSO00 in partitioned data set SYS1.PARMLIB. After a change to this member, the TSO/E PARMLIB command will tell TSO/E to use the new parameters without requiring a system IPL.

A terminal user who will be using TSO/E for application development will also have a user profile. However, such a user would probably not have authorization to use the ACCOUNT or OPERATOR commands, nor would he be authorized to request volume mounts.
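The contrast between the administrator and the application developer can be checked offline before the commands are issued. The following is an added example, not part of the workbook: a small Python audit that reads the command forms shown above and reports which TSOAUTH resources each user would hold. The developer ID DEVA, its password, and the choice of which resources count as sensitive are assumptions; the model is simplified (an access-list entry for the user takes precedence over UACC, and group connections are ignored).

```python
import re

# Constructed sample: the page's commands for administrator AAAA, plus a
# hypothetical developer DEVA and the UACC(READ) variant for the JCL resource.
SAMPLE = """\
ADDUSER AAAA PASSWORD(secret) SPECIAL
ADDUSER DEVA PASSWORD(secret2)
RDEFINE TSOAUTH (ACCT OPER MOUNT PARMLIB) UACC(NONE)
RDEFINE TSOAUTH JCL UACC(READ)
PERMIT ACCT CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)
PERMIT OPER CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)
PERMIT MOUNT CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)
PERMIT PARMLIB CLASS(TSOAUTH) ID(AAAA) ACCESS(READ)
"""

SENSITIVE = {"ACCT", "OPER", "MOUNT", "PARMLIB"}  # assumption: resources to review

def parse(text):
    """Return (users, uacc, permits) for the command forms used on this page."""
    users, uacc, permits = {}, {}, {}
    for line in text.splitlines():
        if m := re.match(r"ADDUSER\s+(\w+)(.*)", line):
            users[m[1]] = "SPECIAL" in m[2].split()
        elif m := re.match(r"RDEFINE\s+TSOAUTH\s+\(?([\w ]+?)\)?\s+UACC\((\w+)\)", line):
            for profile in m[1].split():
                uacc[profile] = m[2]
        elif m := re.match(
                r"PERMIT\s+(\w+)\s+CLASS\(TSOAUTH\)\s+ID\((\w+)\)\s+ACCESS\((\w+)\)", line):
            permits[(m[1], m[2])] = m[3]
    return users, uacc, permits

def effective(user, profile, uacc, permits):
    """Access-list entry for the user wins; otherwise the profile's UACC applies."""
    if profile not in uacc:
        return "NO PROFILE"
    return permits.get((profile, user), uacc[profile])

def audit(text):
    """Map each user to SPECIAL status and the TSOAUTH resources they can use."""
    users, uacc, permits = parse(text)
    report = {}
    for user, special in users.items():
        held = sorted(p for p in uacc if effective(user, p, uacc, permits) != "NONE")
        report[user] = {"special": special, "held": held,
                        "sensitive": sorted(SENSITIVE & set(held))}
    return report

if __name__ == "__main__":
    for user, row in audit(SAMPLE).items():
        print(user, row)
```

A user flagged as SPECIAL deserves review regardless of the resources listed, because, as noted above, an administrator could give himself any of these authorities.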

The TSO/E Information Center Facility (ICF) provides an ENROLL facility for the TSO/E administrator. This facility will add TSO/E users to RACF or UADS (the administrator's choice) as well as performing other necessary tasks.

VSE to OS/390 Migration Workbook


OS/390 specifications

IBM OS/390, a versatile operating system, was a cornerstone in enterprise environments and played a pivotal role in mainframe computing. Released in the mid-1990s, OS/390 combined the strengths of IBM's MVS (Multiple Virtual Storage) with new features and enhancements, targeting scalability, reliability, and performance in demanding business applications.

One of the key features of OS/390 was its robust support for multiple users and processes. The system allowed thousands of concurrent users to access applications and data, ensuring high availability and minimizing downtime—a critical requirement for many large organizations. This scalability was supported through various enhancements in memory management and processor scheduling, enabling optimal resource allocation across diverse workloads.

OS/390 was known for its superior workload management capabilities. The Workload Manager (WLM) component allowed administrators to define service policies, specifying how system resources would be allocated according to the priority of tasks. This ensured that critical business processes received the necessary resources while less critical tasks were managed more flexibly.

Another significant characteristic of OS/390 was its commitment to security. The operating system provided comprehensive security features, including user authentication, data encryption, and auditing capabilities. This focus on security was vital for organizations handling sensitive data, ensuring compliance with regulations and safeguarding against unauthorized access.

OS/390 also supported advanced technologies that facilitated integration and development. The system included features like the IBM CICS (Customer Information Control System) for transaction processing and IMS (Information Management System) for database management. These technologies allowed organizations to build robust, high-performance applications tailored to specific business needs.

The ease of network integration was another strength of OS/390. With the advent of the Internet and global connectivity, OS/390 systems could easily interface with various network protocols, enabling businesses to operate in a connected world. This inclusion paved the way for many organizations to expand their capabilities and offer new services, driving digital transformation.

In conclusion, IBM OS/390 represented a significant advancement in mainframe technology, combining scalability, security, and robust workload management. Its rich feature set and support for critical enterprise applications solidified its role as a vital component of many organizations' IT infrastructures, ensuring they could meet their operational challenges head-on while supporting future growth. As technology continues to evolve, the legacy of OS/390 remains influential in the realm of computing.