Advanced RACF Administration

Tel: 01494 45 13 13
courses@rsm.co.uk

home

book now

schedule

contact

Education

z/OS - technical
z/OS - applications
CICS
DB2 (UDB & z/OS)
IMS DB & TM
Networks
WebSphere
WebSphere MQ
AIX & Linux @ RSM
Management

Linux,AIX,UNIX

Linux
AIX
UNIX Sun/Solaris
Oracle

Qualifications
BCS-MTP
Training paths

General
Public courses
In-house courses
Graduate & new joiner programmes
STORK programme
RSM Gold Card
Software
Consultancy
Partners
Careers
Privacy
Directions & hotels
Useful links
Terms & conditions

Advanced RACF Administration

This two-day hands on course enables attendees to build on knowledge and skills gained by attending the RSM course RACF Administration & Auditing. In this course Administrators learn how to handle the more technically challenging aspects of RACF.

Public dates - click to book!

04 October 2010 13 December 2010

Course outline

Objectives

On successful completion of this course, attendees will be able to:

describe and explain in detail the RACF architecture, its components and facilities
describe and explain the IPL process and the security issues associated with facilities such as APF, System Exits and the System Linklist
secure and back-up the RACF database
describe the facilities provided by RRSF
describe the RACF tables - in particular the CDT and its dynamic variant
identify the functions provided by RACF for securing JES2
describe the security features and functions in a USS environment
list what facilities RACF provides for Digital Certificates
explain the RACF utilities and use them appropriately.

Who Should Attend

The course is suitable for all Security Administrators & Systems Programmers.

Prerequisites

Attendees should have a clear understanding of RACF at both the conceptual and practical level. All should have attended the RSM RACF Administration & Auditing course.

Duration

2 days

Fee

£850 (ex. VAT)

Course Code

RAAD

Contents

What is RACF?
Why do we need security?; What does security provide?; How does RACF work?; RACF profiles; RACF classes; Controlling access; RACF commands.

z/OS Technical Overview
z/OS controls & drivers; The IPL process; PARMLIB & IPLPARM; Display IPLINFO; LOADxx & IODF; System parameter list IEASYSxx; What is APF?; Defining an APF authorised library; Program Properties Table; Linklist; Dynamic changes; SMFPRMxx; System exits.

The RACF Database
The RACF database; Database format; Database templates; RACF templates; Issues; Dynamic template objectives; New template support; RACF initialisation; IRRMIN00; Multiple database support; RACF database sharing; RACF & sysplex: Basic sysplex, Parallel sysplex; Datasharing issues; RACF Remote Sharing Facility (RRSF); RACF command direction; Password synchronisation; Managed user associations; Controlling RACLINK use; Controlling password synchronisation; Controlling the AT keyword; Automatic RACF command direction; Automatic command direction control; Combined RRSF command direction; Use of the ONLYAT keyword; Automatic password synchronisation; Automatic password synchronisation control; Password synchronisation by command; Combined RRSF password synchronisation; Defining RRSF nodes; The RACF subsystem & parm library; Application Identity Mapping; The RVARY command; RVARY passwords; RACF FAILSOFT processing; Database backup & recovery.

RACF Modules
RACF control tables; Modules everywhere!; ICHRDSNT; ICHRRNG; Class Descriptor Table (CDT); Dynamic CDT; Defining a dynamic CDT; Rules; POSIT values; New segment - CDTINFO; CDTINFO options; Managing dynamic CDTs; Migration utility (CDT2DYN); ICHRFR01; ICHRIN03; Using ICHRIN03; Using the STARTED class; ICHAUTAB; ICHNCV00; ICHSECOP.

RACF & JES2
RACF & JES2; JES resources protected by RACF; Batch user identification; Userid propagation; Surrogate Job Control; JES Earlyverification; Standard Task Identification; SETROPS options for JES; Network Job Entry (NJE); Remote Job Entry (RJE).

UNIX System Services
What is ‘UNIX System Services’ & How is it related to RACF?; Userids; UNIX identity; UNIX user definition; User definition - superuser; Superuser granularity: UNIXPRIV class; UNIXPRIV resources names; User definition - system resource limits; Default UNIX User & Group identity; Enhancement to Map UID & GID; The ‘su’ command; Controlling daemons.

File Systems
File systems are contained in data sets; Using UNIX files; UNIX file security; File access control with Permission Bits; RACF RESTRICTED attribute and UNIX files.

Access Control Lists (ACLs)
ACLs; File access control with Permission Bits & ACLs; The getfacl & setfacl commands; Overriding UNIXPRIV authority with ACL entries; ACL inheritance.

RACF & Digital Certificates
Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Digital certificates and RACF; How RACF uses digital certificates; RACF classes & commands; RACF certification generation; RACDCERT command; Creating a certificate; Gencert examples; Key rings; Certification installation; RACDCERT ADD examples; Certification installation; Certificate management.

RACF Utilities
RACF utilities; IRRUT100; IRRUT200; IRRUT400; IRRADU00; ICHDSM00; IRRDBU00; IRRRID00; IRRRID00 JCL; BLKUPD; IRRBRW00; IRRRID00 JCL.

Q & A session