RACF Administration & Auditing


This four-day, hands-on class is the definitive RACF course for technicians and administrators. The course, designed and written by RACF specialists, is regularly revised and updated to reflect new functionality and features in the RACF and z/OS environments.

The course introduces and explains the concepts, terminology, commands, and procedures involved in administering and auditing RACF. All significant aspects of day-to-day RACF administration and auditing are fully covered.
To ensure full understanding, a number of realistic practical exercises are performed during this course.

This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

The next step

For RACF Administrators the next recommended course would be the two-day RACF: Advanced Administration course.
For Sytems Programmers, the next course is the three-day RACF for z/OS Systems Programmers course.

Virtual Classroom Environment dates - click to book!

3 August 2020 28 September 2020 23 November 2020

What is a 'Virtual Classroom Environment'?

 

What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • explain the need for security in business information systems
  • describe how RACF meets business information systems security needs
  • design a group structure to meet their installation's requirements
  • explain & use RACF commands
  • describe the effect of the various group profile related parameters
  • explain the management and use of the various non-RACF segments in user profiles
  • connect users to groups and manage the assigned group authorities
  • use the dataset related commands to manage both discrete and generic profiles
  • manage general resources
  • use and explain the operation of the basic setropts management commands
  • use and interpret the output of the Data Security Monitor
  • use the database unload utility, cross reference utility, remove id utility, database verification utility, database split/merge/extend utility, and the database block update utility
  • run and interpret auditing reports.

Who Should Attend

RACF Administrators and Auditors, Systems Programmers and any other technicians requiring a knowledge of RACF administration principles and practices.

Prerequisites

Attendees should have a clear understanding of z/OS at a conceptual and practical level. A working knowledge of TSO/ISPF and JCL is also required.

Duration

4 days

Fee (per attendee)

£1850 (ex VAT)

Course Code

MRFA

Contents

Introduction to RACF

What is RACF?; Why do we need security?; Security in the 'old days'; Security these days; What security do we need?; Where are the dangers?; How can RACF help?; RACF profiles; How RACF operates; The RACF database; Multiple data set database; Resource classes.

The RACF Manuals

The manual library; RACF Security Administrators' Guide; RACF features; z/OS features; Other products; Related non-RACF manuals; RACF command language reference; BookManager and Adobe pdf.

Planning for Security

The Security Policy; Resource ownership; How to protect resources?; Grouping resources and users; Document the plan.

Group Structure

What are Groups?; Why have Groups?; Users and Groups; The initial group structure; The Group Hierarchy; System Special and Group Special; Group Profile ownership; Group connections.

The RACF Commands

Entering RACF commands; RACF commands and the manuals; Entering RACF commands in batch; Entering commands via a CLIST; Online Help.

Defining RACF Groups

Group profile commands; Basic ADDGROUP; Specifying the SUPerior GROUP & OWNER; Other ADDGROUP parameters; Non-RACF segments - DFP, z/OS and zVM; Full ADDGROUP syntax; Full ALTGROUP syntax; Full LISTGRP syntax; LISTGRP output; Full DELGROUP syntax; Group command authority; SEARCH command.

Defining Users

User profile commands; Basic ADDUSER; Specifying the default group; Group authority; Class authority; RACF authorities; RACF attributes; Security levels and security categories; Security level checking; Security category checking; Security labels; Other ADDUSER parameters; Non-RACF segments; Full ADDUSER syntax; Basic ALTUSER; ALTUSER-only parameters; Full LISTUSER syntax; LISTUSER output; Full DELUSER syntax; User command authority; Basic PASSWORD; Changing other users' passwords; Full syntax of PASSWORD; Password command authority.

Connecting Users to Groups

Connect and Remove Commands; Basic CONNECT; Full CONNECT Syntax; Basic REMOVE; Full REMOVE Syntax; Connect/Remove command authority.

Dataset Profiles

Dataset profile commands; Basic ADDSD; Discrete data set profiles; Discrete profile parameters; Generic data set profiles; Generic wildcard characters - %; Generic wildcard characters - *; Generic wildcard characters - **; Specifying data set attributes; Access levels; Auditing access attempts; Profile copying; Security level & category checking; Other profile attributes; Full ADDSD syntax; Basic ALTDSD; ALTDSD-only parameters; Full ALTDSD syntax; Basic LISTDSD; Listing many data set profiles; Listing generic or discrete profiles; Specifying what to list; Full LISTDSD syntax; LISTDSD output; Full DELDSD syntax; Data set command authority; Basic PERMIT; Conditional access lists; Permitting many users access; Removing users and groups; Deleting access lists; Full PERMIT syntax; PERMIT command authority; SETROPTS REFRESH GENERIC(data set); SEARCH command basics; SEARCH control parameters; The FILTER & MASK parameters.

General Resource Profiles

General resource profile commands; Basic RDEFINE; Common RDEFINE parameters; Adding additional profile information; When the class is CONSOLE; When the class is OPERCMDS; When the class is CDT; When the class is SURROGAT; The Started Task Table; Using ICHRIN03; Using the STARTED class; When the class is TAPEVOL; Full RDEFINE syntax; Resource grouping classes; Protecting CICS transactions; Protecting load modules; Protecting SDSF; Basic RALTER; RALTER-only parameters; Full RALTER syntax; Basic RLIST; Common RLIST parameters; Listing Non-RACF segments; Special RLIST features; Full RLIST syntax; RLIST output; Full RDELETE syntax; Remember PERMIT?; General resource command authority; The Global Access Checking table; In-storage profiles; In-storage profile parameters.

Auditing RACF

Auditing RACF; Auditor parameters; RACF Report Writer; Basic RACFRW commands; Full RACFRW syntax; Full SELECT syntax; Basic EVENT command; Full EVENT syntax; Full LIST syntax; RACFRW output example; Full SUMMARY syntax; RACF SMF data Unload utility; SMF Unload utility JCL; Using the unloaded RACF SMF data; Processing the RACF SMF data with DB2; Other reporting tools; The Data Security Monitor; The System & Group Tree Reports; Program Properties & Auth Caller Table Reports; Class Descriptor Table & RACF Exits Report; Global Access Table Report; Started Procedures Table Report; Selected User Attribute Reports; Selected Data Sets Report.

RACF Utility Programs

The database unload utility; The database cross-reference utility; The database cross-reference utility output; The RACF remove ID utility; The database verification utility; The database split/merge/extend utility; The database block-update utility command.


What the students say

Ideal for me in my learning of the RACF role

RACF Administrator

PGDS

© RSM Technology 2020