Ir para a página of
Manuais similares
-
Server
IBM System x 3950 X6
1 páginas -
Server
IBM 325
18 páginas 0.45 mb -
Server
IBM 8490
110 páginas 4.61 mb -
Server
IBM SC33-1686-02
317 páginas 1.21 mb -
Server
IBM Type 8730
180 páginas 8.4 mb -
Server
IBM 4365
76 páginas 2.8 mb -
Server
IBM HX5
21 páginas 1.03 mb -
Server
IBM Flex System x280 X6
1 páginas
Bom manual de uso
As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto IBM GC28-1920-01. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoIBM GC28-1920-01 vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.
O que é a instrução?
A palavra vem do latim "Instructio" ou instruir. Portanto, no manual IBM GC28-1920-01 você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.
Infelizmente, pequenos usuários tomam o tempo para ler o manual IBM GC28-1920-01, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.
Então, o que deve conter o manual perfeito?
Primeiro, o manual IBM GC28-1920-01 deve conte:
- dados técnicos do dispositivo IBM GC28-1920-01
- nome do fabricante e ano de fabricação do dispositivo IBM GC28-1920-01
- instruções de utilização, regulação e manutenção do dispositivo IBM GC28-1920-01
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes
Por que você não ler manuais?
Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque IBM GC28-1920-01 não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos IBM GC28-1920-01 e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço IBM na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas IBM GC28-1920-01, como para a versão papel.
Por que ler manuais?
Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo IBM GC28-1920-01, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.
Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual IBM GC28-1920-01. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação
Índice do manual
-
Página 1
OS/390 Place graphic in this area. Outline is keyline only. DO NOT PRINT. IBM Security Server (RACF) Planning: Installation and Migration GC28-1920-01[...]
-
Página 2
[...]
-
Página 3
OS/390 IBM Security Server (RACF) Planning: Installation and Migration GC28-1920-01[...]
-
Página 4
Note Before using this information and the product it supports, be sure to read the general information under “Notices” on page xi. Second Edition, September 1996 This is a major revision of GC28-1920-00. This edition applies to Version 1 Release 2 of OS/390 (5645-001) and to all subsequent releases and modifications until otherwise indicated i[...]
-
Página 5
iii[...]
-
Página 6
iv OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 7
Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii About This Book ................................... xiii Who Should Use This Book .............................. xiii How to Use This Book ..............[...]
-
Página 8
Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Panels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Publications Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Routines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 9
Chapter 9. Operational Considerations . . . . . . . . . . . . . . . . . . . . . 49 Enhancements to the RESTART Command .................... 4 9 Enabling and Disabling RACF ............................ 4 9 Chapter 10. Application Development Considerations ............ 5 1 Year 2000 Support ................................... 5 1 OS/390 OpenEdition [...]
-
Página 10
viii OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 11
Figures 1. Function Shipped In OS/390 Release 1 Security Server (RACF) ...... 5 2. Function Introduced After the Availability of OS/390 Release 1 Security Server (RACF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Function Introduced In OS/390 Release 2 Security Server (RACF) ..... 6 4. Function Not Shipped In OS/390 R[...]
-
Página 12
x OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 13
Notices References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program, or service is not intended to state or imply that only IBM's product, program or service may be used. A functionally equivalent pro[...]
-
Página 14
Trademarks The following terms are trademarks of the IBM Corporation in the United States or other countries or both: AS/400 BookManager CICS CICS/ESA DB2 DFSMS DFSMS/MVS IBM IBMLink IMS Library Reader MVS MVS/ESA MVS/XA NetView OpenEdition OS/2 OS/390 Parallel Sysplex [...]
-
Página 15
About This Book This book contains information about the Resource Access Control Facility (RACF), which is part of the OS/390 Security Server. The Security Server has two components: RACF OpenEdition DCE Security Server For information about the OpenEdition DCE Security Server, see the publications related to that component. This book provi[...]
-
Página 16
Chapter 7, “Administration Considerations” on page 37, summarizes changes to administration procedures for the new release of RACF. Chapter 8, “Auditing Considerations” on page 45, summarizes changes to auditing procedures for the new release of RACF. Chapter 9, “Operational Considerations” on page 49, summarizes changes to [...]
-
Página 17
RACF Courses The following RACF classroom courses are also available: Effective RACF Administration, H3927 MVS/ESA RACF Security Topics, H3918 Implementing RACF Security for CICS/ESA, H3992 IBM provides a variety of educational offerings for RACF. For more information on classroom courses and other offerings, see your IBM representative[...]
-
Página 18
Other Sources of Information IBM provides customer-accessible discussion areas where RACF may be discussed by customer and IBM participants. Other information is available through the Internet. IBM Discussion Areas Two discussion areas provided by IBM are the MVSRACF discussion and the SECURITY discussion. MVSRACF MVSRACF is available to custom[...]
-
Página 19
You can get sample code, internally-developed tools, and exits to help you use RACF. All this code works 1 , but is not officially supported. Each tool or sample has a README file that describes the tool or sample and any restrictions on its use. The simplest way to reach this code is through the RACF home page. From the home page, click on System/[...]
-
Página 20
Elements and Features in OS/390 You can use the following table to see the relationship of a product you are familiar with and how it is referred to in OS/390 Release 2. OS/390 Release 2 is made up of elements and features that contain function at or beyond the release level of the products listed in the following table. The table gives the name an[...]
-
Página 21
Product Name and Level Name in OS/390 Base or Optional OpenEdition Application Services OpenEdition Application Services base OpenEdition DCE Base Services (OSF DCE level 1.1) OpenEdition DCE Base Services base OpenEdition DCE Distributed File Service (DFS) (OSF DCE level 1.1) OpenEdition DCE Distributed File Service (DFS) b[...]
-
Página 22
xx OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 23
Summary of Changes Summary of Changes for GC28-1920-01 OS/390 Release 2 This book contains new information for OS/390 Release 2 Security Server (RACF). Summary of Changes for GC28-1920-00 OS/390 Release 1 This book contains information previously presented in RACF Planning: Installation and Migration , GC23-3736, which supports RACF Version 2 Relea[...]
-
Página 24
xxii OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 25
Chapter 1. Planning for Migration This chapter provides information to help you plan your installation's migration to the new release of RACF. Before attempting to migrate, you should define a plan to ensure a smooth and orderly transition. A well thought-out and documented migration plan can help minimize any interruption of service. Your mig[...]
-
Página 26
Installation Considerations Before installing a new release of RACF, you must determine what updates are needed for IBM-supplied products, system libraries, and non-IBM products. (Procedures for installing RACF are described in the program directory shipped with the product, not in this book.) Be sure you include the following steps when planning y[...]
-
Página 27
Auditing Considerations Auditors who are responsible for ensuring proper access control and accountability for their installation are interested in changes to security options, audit records, and report generation utilities. For more information, see Chapter 8, “Auditing Considerations” on page 45. Operational Considerations The installation of[...]
-
Página 28
4 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 29
Chapter 2. Release Overview This chapter lists the new and enhanced features of RACF for OS/390 Release 2. It also lists the support that has not been updated in the new release. New and Enhanced Support For OS/390 Release 2, RACF provides new and enhanced support for: OS/390 OpenEdition DCE OS/390 OpenEdition MVS SOMobjects for MVS, Ve[...]
-
Página 30
Figure 2 on page 6 identifies function introduced after the availability of OS/390 Release 1 Security Server (RACF). Figure 3 identifies function introduced in OS/390 Release 2 Security Server (RACF). Figure 4 identifies function not shipped in OS/390 Release 2 Security Server (RACF), but available via PTF. Figure 2. Function Introduced After the A[...]
-
Página 31
OS/390 OpenEdition DCE single signon support uses to sign in an authenticated OS/390 user to DCE. The RACF support for OS/390 OpenEdition DCE includes: The DCE segment, which contains DCE information associated with a RACF user The KEYSMSTR class, which holds a key to encrypt the DCE password The DCEUUIDS class, which is used to define [...]
-
Página 32
OS/390 OpenEdition OS/390 Release 2 OpenEdition adds new capabilities for which RACF provides support. Authorizing and Auditing Server Access to the CCS and WLM Services OS/390 Release 2 OpenEdition adds the capability to check whether servers are authorized to use the console communications service (CCS) and the workload manager (WLM) service. RAC[...]
-
Página 33
so that the user's information can be customized independently of the user's workstation type. The SystemView Launch window lets users log on once, authenticating with their RACF password, and then get access to applications that SystemView for MVS supports by selecting an application from their customized task tree, without needing to sp[...]
-
Página 34
Output and notifications from commands that were directed via the AT or ONLYAT keywords. These are returned to the system on which the directed command was issued. Notifications from RACLINK commands. These are returned to the system on which the RACLINK command was issued. Output from password changes when automatic password direction [...]
-
Página 35
the IRRDCR00 module to allow customers to convert a 3-byte packed decimal date to a 4-byte packed decimal date, using RACF's interpretation of the yy value. For more information on IRRDCR00, see “Year 2000 Support” on page 51. NetView RACF has added the NGMFVSPN field to the NETVIEW segment of the RACF user profile for future use by the Ne[...]
-
Página 36
The PTF must be applied to all systems in the sysplex in order for these enhancements to take effect. However, systems with and without the PTF applied can coexist in the sysplex, and there is no requirement to IPL all systems in the sysplex when the PTF is applied. Note: PTF UW90293 is not shipped with OS/390 Release 2 Security Server (RACF). You [...]
-
Página 37
Chapter 3. Summary of Changes to RACF Components for OS/390 Release 2 This chapter summarizes the new and changed components of OS/390 Release 2 Security Server (RACF). It includes summary charts for changes to the RACF: Class descriptor table (CDT) Commands Data Areas Exits Macros Messages Panels Publications Librar[...]
-
Página 38
Figure 7 lists classes for which there are changes. Figure 6 (Page 2 of 2). New Classes Class Name Description Support FILE This class controls protection of shared file system (SFS) files on VM. RACF 1.10 for VM KEYSMSTR This class holds a key to encrypt DCE passwords stored in the RACF database. The profile in this class is named: DCE.PASSWORD.KE[...]
-
Página 39
Figure 8. Changes to RACF Commands Command Description Support all If an attempt is made to invoke a RACF command when RACF is not enabled, RACF issues message IRR418I, and the command is not processed. OS/390 Enable/Disable ADDUSER ALTUSER These commands accept the new NGMFVSPN subkeyword on the NETVIEW keyword for future use by the NetView Graphi[...]
-
Página 40
Data Areas Figure 9 lists changed general-use programming interface (GUPI) data areas for SAF to support RACF for OS/390 Release 2. Figure 10 lists changed product-sensitive programming interface (PSPI) data areas for for RACF. Figure 9. Changes to SAF GUPI Data Areas Data Area Description Support ACEE This data area has been enhanced to identify a[...]
-
Página 41
Figure 11. Changed Exits for RACF Exit Description Support ICHRCX01 ICHRCX02 For unauthenticated client ACEEs, the RACROUTE REQUEST=AUTH preprocessing and postprocessing exits are invoked for both the client ACEE and the server ACEE. For more information, see “Effects of OS/390 OpenEdition DCE Support on ICHRCX01, ICHRCX02, and IRRSXT00” on pag[...]
-
Página 42
New Messages The following messages are added: RACF Initialization Messages: ICH562I RACF Processing Messages: IRR418I Dynamic Parse (IRRDPI00 Command) Messages: IRR52152I RACF Database Split/Merge Utility (IRRUT400) Messages: IRR65038I Messages Issued by the RACF Subsystem: IRRB022I, IRRB077I, IRRB078I, IRRB079I, IRRB080I, IRRB081I, IRRB082I RRSF [...]
-
Página 43
Panels Figure 13 lists RACF panels that are changed. Figure 13. Changed Panels for RACF Panel Description Support ICHP41I ICHP42I Existing panels for user administration of the NETVIEW segment have been updated to allow a user to add, change, or delete the NGMFVSPN field. NetView Publications Library Figure 14 lists changes to the OS/390 Security S[...]
-
Página 44
SYS1.SAMPLIB Figure 16 identifies changes to RACF members of SYS1.SAMPLIB. Figure 16. Changes to SYS1.SAMPLIB Member Description Support IRRADULD This member has been updated with the SMF type 80 record for the new event code 65. OS/390 OpenEdition IRRADULD This member has been updated to support RACF 1.10 for VM audit records. RACF 1.10 for VM IRR[...]
-
Página 45
Figure 17. Changes to Templates Template Description of Change Support General A new SVFMR segment provides the following information: Field Description SCRIPTN Script name PARMN Parameter list name SystemView for MVS Group A new OVM segment provides OpenEdition for VM information associated with a group. The segment provides the following informat[...]
-
Página 46
Figure 18. Changes to Utilities Utility Description of Change Support IRRADU00 The SMF data unload utility has been updated to support unloading data from audit records created on a system running RACF 1.10 for VM. This support allows RACF 1.10 for VM audit records to be processed by OS/390 Security Server (RACF). RACF 1.10 for VM IRRDBU00 The RACF[...]
-
Página 47
Chapter 4. Planning Considerations This chapter describes the following high-level planning considerations for customers upgrading to Security Server (RACF) Release 2 from Security Server (RACF) Release 1: Migration strategy Migration paths Hardware requirements Software requirements Compatibility Migration Strategy The recommen[...]
-
Página 48
RACROUTE REQUEST=EXTRACT,TYPE=EXTRACT or TYPE=REPLACE before installing OS/390 Release 2 Security Server (RACF). In addition to this book you should read: – OS/390 Security Server (RACF) Planning: Installation and Migration for OS/390 Release 1, – RACF Planning: Installation and Migration for RACF 2.1, and – RACF Migration and Planning for RA[...]
-
Página 49
Figure 19. Software Requirements for New Function Function Software Requirements OS/390 OpenEdition DCE interoperability support OpenEdition/MVS Release 3 plus APAR OW15865 (PTF UW23684) C Run Time Library plus APAR PN75309 (PTF UN90158) SOMobjects for MVS support Version 1 Release 2 of SOMobjects for MVS Compatibility This section describes consid[...]
-
Página 50
26 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 51
Chapter 5. Installation Considerations This chapter describes changes of interest to the system programmer installing OS/390 Release 2 Security Server (RACF): Enabling RACF Considerations for RRSF networks Virtual storage considerations Customer additions to the CDT Templates Enabling RACF When you install OS/390 Release 2, make[...]
-
Página 52
prefix Is a value you specify with the PREFIX keyword on the TARGET command sysname Is the system name. This name must match the value in the CVTSNAME field for the system it identifies. ds_identity Is either INMSG or OUTMSG The naming convention for the workspace data sets for remote connections is now: prefix.local_luname.remote_luname.ds_identit[...]
-
Página 53
the description of the TARGET command in OS/390 Security Server (RACF) Command Language Reference for details. If any of the INMSG or OUTMSG workspace data sets are not empty, you should rename them to follow the new naming convention. For an example of JCL to perform this task, see Figure 20 on page 30. 6. Restart the RACF subsystem address space [...]
-
Página 54
//// // // // RRSFALTR: // // // // IDCAMS JOB to rename the workspace data sets when installing // // PTF UW9235 (multisy[...]
-
Página 55
//RRSFALTR JOB 'JOB TO RENAME WORKSPACE DATA SETS',MSGLEVEL=1,1 // // USE A JOBCAT OR STEPCAT WHERE NEEDED TO POINT TO THE CATALOG // THAT CONTAINS THE INFORMATION NEEDED FOR YOUR DATA SETS. // //STEP1 EXEC PGM=IDCAMS // THE WORKSPACE DATA SETS THAT REFER TO THE LOCAL SYSTEM SHOULD // BE CHANGED AS FOLLOWS: //SYSPRINT DD[...]
-
Página 56
RACF Storage Considerations This section discusses storage considerations for RACF. Virtual Storage Figure 21 estimates RACF virtual storage usage, for planning purposes. Figure 21 (Page 1 of 2). RACF Estimated Storage Usage Storage Subpool Usage How to Estimate Size FLPA RACF service routines, if IMS or CICS is using RACF for authorization checkin[...]
-
Página 57
Figure 21 (Page 2 of 2). RACF Estimated Storage Usage Storage Subpool Usage How to Estimate Size ELSQA Connect group table 64 + (48 × number_of_groups_connected) In-storage generic profiles 160 + number_of_generic_profiles × (14 + average_profile_size + average_profile_name_length) RACF storage tracking table 3500 RACROUTE REQUEST=LIST profiles N[...]
-
Página 58
Templates for RACF on OS/390 Release 2 The RACF database must have templates at the Security Server (RACF) Release 2 level in order for RACF to function properly. If a Security Server (RACF) Release 2 system is sharing the database with a lower-level system (RACF 1.9, RACF 1.9.2, RACF 1.10, RACF 2.1, RACF 2.2, or Security Server (RACF) Release 1), [...]
-
Página 59
Chapter 6. Customization Considerations This chapter identifies customization considerations for RACF. For additional information, see OS/390 Security Server (RACF) System Programmer's Guide . Customer Additions to the CDT Installations must verify that classes they have added to the class descriptor table (CDT) do not conflict with new classe[...]
-
Página 60
– The first check uses the client ACEE. This is the ACEE that is associated with the current task. If the request is successful, the second check is performed. – The second check uses the ACEE associated with the server. This is the same ACEE that is associated with the address space. When each of these checks occurs, the RACF exits ICHRCX01 an[...]
-
Página 61
Chapter 7. Administration Considerations This chapter summarizes the changes to administration procedures that the security administrator should be aware of. For more information, see OS/390 Security Server (RACF) Security Administrator's Guide . OS/390 OpenEdition DCE The interoperation of RACF with OS/390 OpenEdition DCE enables DCE applicat[...]
-
Página 62
database. The mvsexpt utility takes a specified input file or the DCE registry for each principal specified and creates the RACF DCE segment and profiles in the RACF general resource class, DCEUUIDS. For more information on these utilities, see OpenEdition DCE Administration Guide . Although you can administer the DCEUUIDS profiles using the RACF R[...]
-
Página 63
The MVS user must have saved the current DCE password in the RACF DCE segment by invoking the DCE storepw command. Note: Users still need to maintain their passwords for RACF and OpenEdition DCE separately, and must use the DCE storepw to keep the DCE password that is stored in RACF current. Single signon support is not intended to be used by a[...]
-
Página 64
OpenEdition Planning , and in OS/390 OpenEdition Programming: Assembler Callable Services Reference . The C language support for the pthread_security_np() function is discussed in OS/390 R2 C/C ++ Run-Time Library Reference . Threads and Security An application that uses the pthread_security_np service can customize the RACF identity of a thread. C[...]
-
Página 65
Changes to RACF Authorization Processing Extensions have been introduced to RACF's processing of authorization requests in which both the RACF identity of the server and the RACF identity of a client of the server application are used in a resource access decision. RACF support for OpenEdition DCE introduces new indicators in the ACEE. These i[...]
-
Página 66
resources. Profiles must reside in storage before RACROUTE REQUEST=FASTAUTH can be used to verify a user's access to a resource. The client/server relationship is not propagated from the application server. If the security administrator implements access control to resources that use both the server's RACF identity and the client&apos[...]
-
Página 67
SystemView for MVS Before an installation can use SystemView for MVS, the security administrator must: Create profiles in the SYSMVIEW class for SystemView for MVS applications. The profiles define logon script and parameter information for the applications. Authorize SystemView for MVS users to access the defined applications via the Syste[...]
-
Página 68
44 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 69
Chapter 8. Auditing Considerations This section summarizes the changes to auditing procedures for the RACF: SMF records Report writer utility SMF data unload utility The auditor must decide on appropriate global auditing options for the new classes and on which auditing reports are to be produced. See OS/390 Security Server (RACF) Audit[...]
-
Página 70
For more information on SMF records, see OS/390 Security Server (RACF) Macros and Interfaces . Figure 23 (Page 2 of 2). Changes to SMF Records Record Type Record Field Description of Change Support 80 Relocate 65 For event code 2, this SMF record contains flags indicating the ACEE type: Unauthenticated client Authenticated client Server[...]
-
Página 71
Auditing OS/390 OpenEdition DCE Support RACF provides one new audit function code (94) to audit OS/390 OpenEdition DCE support. Auditing SystemView for MVS Support Depending on the auditing options selecting when using the RACF SMF data unload utility (IRRADU00), customers might see SMF records returned for the new SYSMVIEW class and type 44 reloca[...]
-
Página 72
48 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 73
Chapter 9. Operational Considerations This section summarizes the changes to operating procedures for RACF for OS/390 Release 2. Enhancements to the RESTART Command The RESTART command has been enhanced. The new SYSNAME keyword allows an operator to restart connections to systems on a multisystem node. See OS/390 Security Server (RACF) Command Lang[...]
-
Página 74
50 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 75
Chapter 10. Application Development Considerations Application development is the process of planning, designing, and coding application programs that invoke RACF functions. This section highlights new support that might affect application development procedures: Year 2000 support OS/390 OpenEdition DCE Application Servers Changes to th[...]
-
Página 76
The security administrator has the option of enforcing the use of both the application server's RACF identity and the RACF identity of the client in resource access control decisions. RACF support for OS/390 OpenEdition DCE introduces new indicators in the ACEE. These indicators mark the ACEE as a client ACEE . Client ACEEs are created by OS/3[...]
-
Página 77
For more information on the convert_id_np (BPX1CID) callable service, see OS/390 OpenEdition Programming: Assembler Callable Services Reference . The C language support for the __convert_id_np() is discussed in OS/390 R2 C/C ++ Run-Time Library Reference New Application Authorization Service A DCE application server on OS/390 can use DCE security s[...]
-
Página 78
“Macros” on page 17 “Templates” on page 20 “Utilities” on page 21 “Routines” on page 19 54 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 79
Chapter 11. General User Considerations RACF general users use RACF to: Log on to the system Access resources on the system Protect their own resources and any group resources to which they have administrative authority This chapter highlights new support that might affect general user procedures. OS/390 OpenEdition DCE If an installati[...]
-
Página 80
56 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 81
Chapter 12. NJE Considerations Several APARs shipped on OS/390 Release 2 Security Server (RACF) have implications for NJE. APAR OW14451 OS/390 Release 2 Security Server (RACF) includes a PTF that provides functions that change the way inbound NJE jobs and NJE sysout are handled by RACF. If your installation uses NJE and RACF nodes profiles it is im[...]
-
Página 82
Actions Required With OW08457 and OW14451, group propagation and group translation has been fixed for NODES profiles, both for batch jobs and for SYSOUT. This change can significantly alter the external results of your NJE environment and your installation must decide what changes will best suit your needs. Case 1: Nodes defined to &RACLNDE. Fo[...]
-
Página 83
List all GROUPJ and GROUPS NODES profiles that have a UACC value greater than or equal to READ, recording the profile names and all keywords necessary to add them back later. Then delete them. These profiles were previously irrelevant but now could result in failing jobs or unowned SYSOUT. Note that GROUPJ and GROUPS NODES profiles with a UACC valu[...]
-
Página 84
60 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 85
Chapter 13. Scenarios This chapter contains scenarios that might help you in planning your migration to Security Server (RACF) Release 2. Migrating an Existing RRSF Network to Use Multisystem Nodes If an existing RRSF network contains single-system RRSF nodes that share a RACF database, you can reconfigure the single-system RRSF nodes to a multisys[...]
-
Página 86
2. Issue TARGET DORMANT commands from the operator's console to make all RRSF conversations dormant: prefix TARGET NODE(MIAMI1) DORMANT prefix TARGET NODE(ORLANDO) DORMANT 3. Issue a TARGET command from the operator's console to make MIAMI1 the main system on the new multisystem node MIAMI1. The old node name is used for the new multisyst[...]
-
Página 87
5. Issue a TARGET command from the operator's console to define system SYSTEM1 as the MAIN system for the multisystem node. (Issuing this command allows you to reconfigure the node to make SYSTEM2 the main system at some future time.) prefix TARGET NODE(MIAMI1) SYSNAME(SYSTEM1) LOCAL MAIN OPERATIVE PREFIX(...) PROTOCOL(...) WORKSPACE(...) Add [...]
-
Página 88
On MIAMI2: 1. Issue a TARGET command from the operator's console to define the connection with ORLANDO. prefix TARGET NODE(ORLANDO) OPERATIVE PREFIX(...) PROTOCOL(...) WORKSPACE(...) Add this command to the RACF parameter library for SYSTEM2. Note: The TARGET commands for SYSTEM1 and SYSTEM2 are now identical. If you want, you can now use a si[...]
-
Página 89
Glossary A access . The ability to obtain the use of a protected resource. access authority . An authority related to a request for a type of access to protected resources. In RACF, the access authorities are NONE, EXECUTE, READ, UPDATE, CONTROL, and ALTER. accessor environment element (ACEE) . A description of the current user, including user ID, [...]
-
Página 90
user ID on the same or a different RRSF node. Before a command can be directed from one user ID to another, a user ID association must be defined between them via the RACLINK command. command interpreter . A program that reads the commands that you type in and then executes them. When you are typing commands into the computer, you are actually typi[...]
-
Página 91
F FASTAUTH request . The issuing of the RACROUTE macro with REQUEST=FASTAUTH specified. The primary function of a FASTAUTH request is to check a user's authorization to a RACF-protected resource or function. A FASTAUTH request uses only in-storage profiles for faster performance. The FASTAUTH request replaces the FRACHECK function. See also au[...]
-
Página 92
is the local LU, and the LU through which communication is received is the partner LU. local node . The RRSF node from whose point of view you are talking. For example, if MVSA and MVSB are two RRSF nodes that are logically connected, from MVSA's point of view MVSA is the local node, and from MVSB's point of view MVSB is the local node. S[...]
-
Página 93
Daemon processes, which do systemwide functions in user mode, such as printer spooling Kernel processes, which do systemwide functions in kernel mode, such as paging A process can run in an OpenEdition user address space, an OpenEdition forked address space, or an OpenEdition kernel address space. In an MVS system, a process is handled like[...]
-
Página 94
RRSF nodes that are logically connected, from MVSX's point of view MVSY is a remote node, and from MVSY's point of view MVSX is a remote node. See also local node , target node . Resource Access Control Facility (RACF) . A n IBM-licensed product that provides for access control by identifying and verifying users to the system, authorizing[...]
-
Página 95
sysplex communication . An optional RACF function that allows the system to use XCF services and communicate with other systems that are also enabled for sysplex communication. system authorization facility (SAF) . An MVS component that provides a central point of control for security decisions. It either processes requests directly or works with R[...]
-
Página 96
OpenEdition MVS, a string that is used to identify a user. user profile . A description of a RACF-defined user that includes the user ID, user name, default group name, password, profile owner, user attributes, and other information. A user profile can include information for subsystems such as TSO and DFP. See TSO segment and DFP segment . V verif[...]
-
Página 97
Index A ADDUSER command 15 administration classroom courses xv administration considerations migration 2 Airline Control System/MVS, support for 11 ALCS/MVS support ALCSAUTH class 13 ALCS/MVS, support for 11 ALCSAUTH class 11, 13 ALTUSER command 15 application development considerations DCE support 51 migration 3 year 2000 support 51 audit function[...]
-
Página 98
DCE support (continued) auditing considerations 47 command changes 15 controlling access to R_dceruid callable service 42 DCEUUIDS class 13 deleting RACF user IDs 42 description 6 effect on exits 35, 36 general user considerations 55 KEYSMSTR class 14 new audit function codes 16 new record type for database unload utility 22 new segment for user te[...]
-
Página 99
J JCICSJCT class 14, 53 JCL for renaming workspace data sets 30 K KCICSJCT class 14, 53 KEYSMSTR class 14 L library, RACF publications changes to 19 LSQA storage requirement 32 M macros changes to 17 ICHEINTY 17 RACROUTE REQUEST=DEFINE 17 main system 9 messages changes to 17 migration recommended strategy migration considerations administration 2 a[...]
-
Página 100
PLPA storage requirement 32 programming interfaces changes to CDT 13 data areas 16 new routines 19 templates 21 publications changes to RACF library 19 on CD-ROM xiv softcopy xiv R R_dceruid callable service 42 RACDBULD member of SYS1.SAMPLIB 20 RACDBUTB member of SYS1.SAMPLIB 20 RACF classroom courses xv publications on CD-ROM xiv softcopy xiv RAC[...]
-
Página 101
SMF data unload utility auditing considerations 47 changes to 22 SMF records changes to 45 OpenEdition DCE support 46 OpenEdition services 45 SOMDOBJS class 14 SOMobjects for MVS, support for administration considerations 42 CBIND class 13 description 8 SERVER class 14 SOMDOBJS class 14 SQA storage requirement 32 storage for RACF virtual 32 storage[...]
-
Página 102
78 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration[...]
-
Página 103
IBM Let's face it, you have to search through a ton of hardcopy manuals to locate all of the information you need to secure your entire system. There are manuals for OS/390, VM, CICS, TSO/E; technical bulletins from the International Technical Support Organization (“red books”), Washington Systems Center (“orange books”); multiple [...]
-
Página 104
[...]
-
Página 105
[...]
-
Página 106
Communicating Your Comments to IBM OS/390 Security Server (RACF) Planning: Installation and Migration Publication No. GC28-1920-01 If you especially like or dislike anything about this book, please use one of the methods listed below to send your comments to IBM. Whichever method you choose, make sure you send your name, address, and telephone numb[...]
-
Página 107
Reader's Comments — We'd Like to Hear from You OS/390 Security Server (RACF) Planning: Installation and Migration Publication No. GC28-1920-01 You may use this form to communicate your comments about this publication, its organization, or subject matter, with the understanding that IBM may use or distribute whatever information you supp[...]
-
Página 108
Cut or Fold Along Line Cut or Fold Along Line Reader's Comments — We'd Like to Hear from You GC28-1920-01 IBM Fold and Tape Please do not staple Fold and Tape NO POSTAGE NECESSARY IF MAILED IN THE UNITED STATES BUSINESS REPLY MAIL FIRST-CLASS MAIL PERMIT NO. 40 ARMONK, NEW YORK POSTAGE WILL BE PAID BY ADDRESSEE IBM Corporation Depar[...]
-
Página 109
[...]
-
Página 110
IBM Program Number: 5645-001 Printed in the United States of America on recycled paper containing 10% recovered post-consumer fiber. Drop in Back Cover Image Here. GC28-192-1[...]