How to Use RACF


Duration

5 - 6 hours

Overview

Audience

Application Programmers, Systems Programmers, Database Administrators, Security Administrators and anyone who needs to know how to use the Security Server (RACF) on the OS/390 platform.

Prerequisites

Ability to use TSO and ISPF, and an understanding of data sets and basic security issues.

Objectives

After completing the core modules (1-10) the student should be able to:
  • Explain the concepts of RACF classes, resources and profiles
  • Explain the concepts of RACF users, groups, data sets and general resources
  • Use RACF commands in TSO and Batch
  • Use the ISPF interface to RACF
  • List User details including segment information and interpret the output
  • List Group details and understand Group Authority, Default and Connect groups
  • Change their password and User details
  • Change their Default groups, Connect groups and Group Authority
  • Explain Discrete and Generic Data set profiles
  • Explain Access authorities including UACC
  • Find Data Set profiles and list them
  • Create, delete and alter Data set profiles
  • Permit or Deny access to Data set profiles
  • Manage Data Set profiles using the ISPF interface (RACF panels)
  • Create, delete and alter General Resources, and permit access to them
  • List UNIX File permissions and permit or deny access to OS/390 UNIX files

Course Content

Module 1 INTRODUCTION TO RACF

  • Definition of RACF and what it is used for
  • Concept of Resource Classes
    • Users (identified by UserID)
    • Groups
    • Data Sets
    • General
  • Concept of RACF Profiles
  • Identifying and Authenticating Users
  • Authorizing Access to Resources by Users
  • Recording and Reporting Access Attempts

Module 2 USER INTERFACES TO RACF

  • How to Use TSO to Issue RACF Commands
  • How to Get Online Help for RACF Commands
  • How to Use RACF Panels through ISPF
  • How to Issue RACF Commands in Batch
  • Overview of Operator Interface to RACF (not for use by general users)
  • Programming Interface to RACF

Module 3 HOW USERS ARE DEFINED TO RACF

  • Definition of UserID and User Profile
  • Logging On to the System with UserID and Password
  • The LISTUSER (LU) TSO Command to List User Details
  • Concept of Segments in User Profile
  • Description of Segment Information:
    • TSO Segment
    • OMVS Segment
    • DFP Segment
    • CICS Segment
  • The LISTUSER (LU) TSO Command to List Segment Details

Module 4 HOW GROUPS ARE DEFINED TO RACF

  • Definition of Group and Group Profile
  • Definition of Default and Connect Groups
  • Definition of Group Authority
    • USE
    • CREATE
    • CONNECT
    • JOIN
  • Group-Level Attributes
  • Group Profile and Segments
  • The LISTGRP (LG) TSO Command to List Group Details
  • Specifying User and Group in Batch

Module 5 CHANGING USER AND GROUP DETAILS

  • Changing Password at Logon Time
  • Changing Password Using PASSWORD TSO Command
  • Changing Password and Default Group Using ALTUSER Command
  • Field Level Access Checking
  • Changing Segment Information Using ALTUSER Command
  • Connecting Users to Groups Using the CONNECT Command
  • Removing Users from Groups Using the REMOVE Command
  • Changing User and Group Details Using RACF Panels

Module 6 PROTECTING DATA SETS

  • Definition of Data Set Resource Class
  • Types of Data Set Profiles:
    • Discrete
    • Generic
  • Types of Access to Data Sets:
    • NONE
    • READ
    • UPDATE
    • CONTROL
    • ALTER
  • Description of UACC Authority
  • Concept of Access Lists
  • The LISTDSD TSO Command to List Data Set Profiles
  • Protecting Data Sets on Tape

Module 7 CONTROLLING ACCESS TO DATA SETS USING TSO

  • The ADDSD TSO Command to Create Data Set Profiles
  • Generic Characters
  • The DELDSD TSO Command to Delete Data Set Profiles
  • The ALTDSD TSO Command to Alter UACC Authority
  • The PERMIT TSO Command to Change Access Lists
  • The SEARCH TSO Command to Find Data Set Profiles

Module 8 CONTROLLING ACCESS TO DATA SETS USING ISPF

  • Using RACF Panels to List Data Set Profiles
  • Using RACF Panels to Create Data Set Profiles
  • Using RACF Panels to Delete Data Set Profiles
  • Using RACF Panels to Alter UACC Authority
  • Using RACF Panels to Change Access Lists
  • Using RACF Panels to Search for Data Set Profiles

Module 9 PROTECTING GENERAL RESOURCES

  • Examples of Types of General Resources:
    • DASD Volumes
    • Programs (Load Modules)
    • Applications (e.g. TSO/E)
  • The SEARCH TSO Command to Find General Resource Profiles
  • The RLIST TSO Command to List General Resource Profiles
  • The PERMIT TSO Command to Control Access to General Resource Profiles
  • Using RACF Panels to Manage General Resource Profiles

Module 10 PROTECTING UNIX RESOURCES

  • OS/390 UNIX
  • Hierarchical File System
  • File Security
  • File Permissions
  • Listing File Permissions and Ownership
  • Changing File Permissions
  • Changing File Ownership
  • ISHELL Interface to Manage UNIX Files