RACF for z/OS Systems Programmers


This advanced three-day course, designed, written and presented by specialist RACF consultants, specifically focuses on RACF from a Systems Programmer's perspective.
The course provides a uniquely detailed insight into the technical architecture of RACF and RACF's relationship to z/OS. It describes and explains how RACF is implemented, and how it can be customised using standard RACF facilities.

Extensive hands-on practicals accompany the theory sessions, with each student having their own RACF system to customize.

This course is also available for exclusive one-company presentations, and for live presentation live over the Internet, via RSM's Virtual Classroom Environment service.

The next step

Do you need to know more about RACF and how it works with other systems and services?
For TCP/IP the ideal course is TCP/IP Security in a z/OS Environment using Policy Agent & RACF,
for Db2 you should attend Db2 for z/OS: Using RACF
For UNIX System Services attend RACF Security in a UNIX System Services Environment
For IBM MQ attend Using RACF with IBM MQ
For WebSphere attend Using RACF with WebSphere and Security for WebSphere Applications
For CICS attend Using RACF with CICS

Virtual Classroom Environment dates - click to book!

UK Start Times

29 July 2024 7 October 2024

 

USA/Canada Start Times

8 July 2024 21 October 2024 24 February 2025 23 June 2025

What is a 'Virtual Classroom Environment'?

 

What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • describe the RACF architecture, its components and facilities
  • customise RACF to meet the requirements of their organisation and its environment
  • describe and use all of the RACF Utilities, using JCL and REXX/CLIST
  • identify how the operation of RACF changes when running in a parallel sysplex
  • describe and explain the IPL process and the security issues associated with facilities such as APF, PPT, System Exits and Linklist
  • describe the components of the RACF database.

Who Should Attend

The course is suitable for all experienced Systems Programmers and experienced RACF Administrators who need to understand the technical aspects of RACF.

Prerequisites

Attendees should have a full understanding of RACF at a conceptual level and be familiar with all of the RACF commands and how they are utilised. This can be achieved by attending the courses RACF Administration & Auditing and Advanced RACF Administration.

Duration

3 days

Fee (per attendee)

£1900 (ex VAT)

 

This includes free online 24/7 access to course notes.

 

Hard copy course notes are available on request from rsmshop@rsm.co.uk

at £50.00 plus carriage per set.

Course Code

RAZO

Contents

What is RACF?

Why do we need security?; What does security provide?; How does RACF work?; RACF Profiles; RACF classes; How many RACF classes?; Controlling access; RACF commands.

z/OS Technical Overview

z/OS controls & drivers; The IPL process; PARMLIB & IPLPARM; Display IPLINFO; LOADxx & IODF; System parameter list IEASYSxx; What is APF?; Defining an APF authorised library; Program Properties Table; Linklist; Dynamic changes; SMFPRMxx; System exits; In-storage profiles; RACLIST & GENLIST; Group tree in storage; ACEE data in memory.

The RACF Database

The RACF database; Database format; Database templates; RACF templates; Issues; Dynamic template objectives; New template support; RACF initialisation; IRRMIN00; Multiple database support; RACF database sharing; The RVARY command; RVARY passwords; RACF FAILSOFT processing; Database backup & recovery.

RACF in a Sysplex

RACF and sysplex; Basic sysplex; Parallel sysplex; RACF communication; RACF data sharing; RACF data sharing problems; The four sysplex modes; The RACF database name table; Coupling Facility structures; Defining Coupling Facility structures; In-storage profiles reminder; RACLISTed profiles via RACROUTE; In-storage profiles and sysplex; Introducing RACGLIST; RACGLIST and REFRESH; Using RACGLIST.

RACF Modules

RACF control tables; RACF modules; ICHRDSNT; Using the IRRPRMxx member; IRRPRMxx parameters; ICHRDSNT - example; ICHRRNG; Class Descriptor Table (CDT); Dynamic CDT; Defining a Dynamic CDT; Rules; POSIT values; New segment CDTINFO; CDTINFO options; Managing Dynamic CDTs; Migration Utility (CDT2DYN); ICHRFR01; Normal rules apply; ICHRIN03; The Started Task Table; ICHAUTAB; ICHNCV00; ICHSECOP.

RACF Utilities

IRRUT100; IRRUT100 example output (Group); IRRUT100 example output (User); IRRUT200; IRRUT200 example JCL; IRRUT200 example output; IRRUT400; IRRUT400 example JCL; IRRADU00; IRRADU00 example JCL; ICHDSM00; ICHDSM00 example JCL; IRRDBU00; IRRRID00; IRRRID00 JCL; BLKUPD; IRRBRW00; IRRBRW00 JCL; DFSORT ICETOOL utility; Using ICETOOL; ICETOOL - sample JCL; ICETOOL report; RACFICE package; Sample report - ICETOOL keywords; The Audit Reporting Tool; ART main menu; SMF UNLOAD; XML output format support with SMF UNLOAD; SMF UNLOAD - Job; SMF UNLOAD - XML document; Browsing an XML document; Using an XSLT stylesheet.

RACF Control Blocks

RACF control blocks; RACF Communications Vector Table (RCVT); Finding the RCVT; Understanding the RCVT; Data in the RCVT; RCVT vs ICB; SAF Vector Table (SAFV); Finding the SAFV; Accessor Environment Element (ACEE); Where's my ACEE?; ASXBSENV; TCBSENV; Local Control Block; Which ACEE is used?; Which ACEE do I need?; Caveat ACEE; Finding the active ACEE; Security Token; Security Token contents; Security Token uses; ACEE versus Token.

RACF Macros

RACF macros; Macro interfaces; The MVS router (SAF); RACF macros; What do they DO?; RACF macros: RACHECK, RACINIT, RACLIST, FRACHECK, RACDEF, RACSTAT; RACROUTE additions; ICHEINTY; The RACROUTE interface; RACROUTE MF= styles; SAF Parameter list (SAFP); Initialising SAFP; SAFP setup; SAF Work Area (SAFW); SAFW setup; History of REQSTOR & SUBSYS; Using REQSTOR & SUBSYS; Setting up REQSTOR and SUBSYS; Other RACROUTE information; The ACEE - AGAIN!; Return codes; REQUEST=Verify; RACINIT ENVIR= options; RACINIT ENVIR=CREATE; Who do you create?; RACINIT STAT=; ENVIR=CREATE ACEE=; Sample user/password=; Sample with PASSCHK=NO; Sample with Token; Create SESSION=; Create with TERMINAL=; POE=; TERMINAL= vs POE=; Sample with POE=; What about IP addresses?; RACINIT ENVIR=DELETE; ENVIR=DELETE ACEE=; Sample DELETE; REQUEST=AUTH; CLASS=; ENTITY/ENTITYX; ENTITY(X) examples; Sample RACHECK.

RACF Exits

RACF exits; ICHRTX00/01; Pre-processing for ICHRTX00; ICHRTX00: input, output; Pre-exit commonalities; Post-exit commonalities; Pre- to post- communication; Work area pointer; From post- to pre-; 'Gotchas' for SVC exits; Need some input; Finding the parameter list; Coding RACF exits; RACF command exit (IRREVX01); What's a 'dynamic exit'?; RACF IRREVX01 dynamic exit; What can you do in the exit?; IRREVX01 parameter list; The exit command buffer; Using the ACEE passed in exit; Testing your command exit; Sample SETPROG command.

Question & Answer Session


© RSM Technology 2022