ICCF provides another level of security by defining ICCF libraries within DTSFILE as either PUBLIC, PRIVATE, or COMMON. All ICCF users have read access to data stored in the single COMMON library supported by ICCF. However, only ICCF users with a System Administrator level profile have write access to this library. Multiple PUBLIC ICCF libraries are supported in DTSFILE and are normally used to store data that can be read by any ICCF user, but updated only by the originator. ICCF PRIVATE libraries are normally used to store data that can be accessed by users authorized for access to that library.

With RACF you can specify system options (via the SETROPTS command) which tell RACF how to protect data sets, and in particular whether to allow access to unprotected data sets or not. If you choose to require protection for all data sets (SETROPTS PROTECTALL) then you will have to define DATASET profiles before anyone can access data sets. (Obviously you would want to create such profiles before you specify PROTECTALL.) If you dont enforce protection of all data sets, then you can identify those data sets which do require protection and define DATASET profiles just to protect them. The RACF Security Administrators Guide has information on protecting resources, both data sets and other kinds, using the ADDSD, RDEFINE, and PERMIT commands.

In the TSO/E environment, you can use RACF to restrict or allow access to a PDS to simulate the library access defined above. The TSO/E equivalent of the ICCF COMMON library is a PDS with a universal access level of READ and an access list with only a few users having UPDATE authority. Since TSO/E command lists (CLISTs) and REXX execs, equivalent to ICCF procedures, are stored in a PDS, you might define a single CLIST PDS for storing all common CLISTs available to any TSO/E user. This PDS is similar in use to the ICCF PUBLIC library. The TSO/E equivalent of an ICCF PUBLIC library is a PDS with, again, a universal access of READ and an access list with a limited number of users with UPDATE authority. For an ICCF PRIVATE library equivalent PDS under TSO/E, you specify a universal access level of NONE and then permit the necessary users with either READ or UPDATE authority, as appropriate, via the access list of a DATASET profile.

Since protection is at the data set level in TSO/E, it is not possible to do member level protection.

7.1.5 Summary

Although you can begin using TSO/E with a minimum amount of knowledge in the areas of User Profiles and LOGON Procedures, there are many options available in preparing TSO/E for your interactive users. You should review TSO/E Customization for details on these subjects. Security is a very important aspect of your new MVS system and should be reviewed at the system level not just for your TSO/E system. For information on the OS/390 Security Server (RACF) you can begin with the RACF General Information manual, though administrators will also need to study the RACF Security Administrators Guide.

7.2 Using the System

Once a TSO/E user has access to his new interactive system, he will need to know how he can accomplish what he used to do with ICCF. In this section we will explain how to implement ICCF functions in a TSO/E environment.

158VSE to OS/390 Migration Workbook

Page 182
Image 182
IBM OS/390 manual Summary, Using the System

OS/390 specifications

IBM OS/390, a versatile operating system, was a cornerstone in enterprise environments and played a pivotal role in mainframe computing. Released in the mid-1990s, OS/390 combined the strengths of IBM's MVS (Multiple Virtual Storage) with new features and enhancements, targeting scalability, reliability, and performance in demanding business applications.

One of the key features of OS/390 was its robust support for multiple users and processes. The system allowed thousands of concurrent users to access applications and data, ensuring high availability and minimizing downtime—a critical requirement for many large organizations. This scalability was supported through various enhancements in memory management and processor scheduling, enabling optimal resource allocation across diverse workloads.

OS/390 was known for its superior workload management capabilities. The Workload Manager (WLM) component allowed administrators to define service policies, specifying how system resources would be allocated according to the priority of tasks. This ensured that critical business processes received the necessary resources while less critical tasks were managed more flexibly.

Another significant characteristic of OS/390 was its commitment to security. The operating system provided comprehensive security features, including user authentication, data encryption, and auditing capabilities. This focus on security was vital for organizations handling sensitive data, ensuring compliance with regulations and safeguarding against unauthorized access.

OS/390 also supported advanced technologies that facilitated integration and development. The system included features like the IBM CICS (Customer Information Control System) for transaction processing and IMS (Information Management System) for database management. These technologies allowed organizations to build robust, high-performance applications tailored to specific business needs.

The ease of network integration was another strength of OS/390. With the advent of the Internet and global connectivity, OS/390 systems could easily interface with various network protocols, enabling businesses to operate in a connected world. This inclusion paved the way for many organizations to expand their capabilities and offer new services, driving digital transformation.

In conclusion, IBM OS/390 represented a significant advancement in mainframe technology, combining scalability, security, and robust workload management. Its rich feature set and support for critical enterprise applications solidified its role as a vital component of many organizations' IT infrastructures, ensuring they could meet their operational challenges head-on while supporting future growth. As technology continues to evolve, the legacy of OS/390 remains influential in the realm of computing.