Attendees should have a clear understanding of zOS at a conceptual level and also have a basic understanding of RACF that can be gained by attending the RSM course Understanding RACF. A working knowledge of TSO/ISPF and JCL is also required.
It introduces the concepts, terminology, commands, and procedures involved in administering and auditing RACF. All major aspects of day-to-day RACF administration and auditing are covered.
This course is suitable for RACF Administrators and Auditors, Systems Programmers and any other technicians requiring a knowledge of RACF administration principles and practices.
On successful completion of this course, attendees will be a…
Read the complete description
Attendees should have a clear understanding of zOS at a conceptual
level and also have a basic understanding of RACF that can be
gained by attending the RSM course Understanding RACF. A working
knowledge of TSO/ISPF and JCL is also required.
It introduces the concepts, terminology, commands, and
procedures involved in administering and auditing RACF. All major
aspects of day-to-day RACF administration and auditing are
This course is suitable for RACF Administrators and Auditors,
Systems Programmers and any other technicians requiring a knowledge
of RACF administration principles and practices.
On successful completion of this course, attendees will
be able to:
- Explain the need for security in business information
- Describe how RACF meets business information systems security
- Design a group structure to meet their installation's
- Explain & use RACF commands
- Describe the effect of the various group profile related
- Explain the management and use of the various non-RACF segments
in user profiles
- Connect users to groups and manage the assigned group
- Use the dataset related commands to manage both discrete and
- Manage general resources
- Use and explain the operation of the setropts management
commands Use and interpret the output of the Data Security
- Use the database unload utility, cross reference utility,
remove id utility, database verification utility,
- Database split/merge/extend utility, and the database block
This course includes the following modules:
- What is RACF?; Why do we need Security?; Security in the Old
Days; Security These Days; What security do we need?; Where are the
dangers?; How can RACF help?; RACF Profiles; How RACF operates; The
RACF Database; Resource Classes.
The RACF Manuals
- The Manual Library; RACF Security Administrators Guide; RACF
Command Language Reference; BookManager.
Planning for security
- The Security Policy; Resource Ownership; How to protect
Resources?; Grouping Resources and Users; Document the Plan.
- What are Groups?; Why have Groups?; Users and Groups; The
Initial Group Structure; The Group Hierarchy; System Special and
Group Special; Group Profile Ownership; Group Connections.
The RACF commands
- Entering RACF Commands; RACF Commands and the Manuals; Entering
RACF Commands in Batch; Online Help.
Defining RACF Groups
- Group Profile Commands; Basic ADDGROUP; Specifying the Superior
Group & Owner; Dataset Profile Modeling; RACF Remote Sharing
Parameters; Other ADDGROUP Parameters; Non-RACF Segments - DFP,
OMVS and OVM; Non-RACF Segments TME; Full ADDGROUP Syntax; Full
ALTGROUP Syntax; Full LISTGRP Syntax; LISTGRP Output; Full DELGROUP
Syntax; Group Command Authority.
- User Profile Commands; Basic ADDUSER; Specifying the Default
Group; Group Authority; Class Authority; Group Access Authority;
RACF Remote Sharing Parameters; Dataset Profile Modeling; RACF
Authorities; RACF Attributes; Security Levels and Security
Categories; Security Level Checking; Security Category Checking;
Security Labels; Other ADDUSER Parameters; Non-RACF Segments
(CICS); Non-RACF Segments (DCE); Non-RACF Segments (DFP, LANGUAGE);
Non-RACF Segments (KERB, LNOTES, NDS); Non-RACF Segments (NETVIEW);
Non-RACF Segments (USS, zVM); Non-RACF Segments (OPERPARM);
Non-RACF Segments (TSO); Non-RACF Segments (WORKATTR); Full ADDUSER
Syntax; Basic ALTUSER; ALTUSER Only Parameters; Full ALTUSER
Syntax; Full LISTUSER Syntax; LISTUSER Output; Full DELUSER Syntax;
User Command Authority; Basic PASSWORD; Changing Other Users
Passwords; Full Syntax of PASSWORD; Password Command
Connecting Users to Groups
- Connect and Remove Commands; Basic CONNECT; Full CONNECT
Syntax; Basic REMOVE; Full REMOVE Syntax; Connect/Remove Command
- Dataset Profile Commands; Basic ADDSD; Discrete Dataset
Profiles; Discrete Profile Parameters; Generic Dataset Profiles;
Generic Wildcard Characters - %; Generic Wildcard Characters - *;
Generic Wildcard Characters - **; Specifying Dataset Attributes;
Access Levels; Auditing Access Attempts; Profile Copying; RACF
Remote Sharing Parameters; Security Level & Category Checking;
Other Profile Attributes; Non-RACF Segments DFP; Non-RACF Segments
TME; Full ADDSD Syntax; Basic ALTDSD; ALTDSD Only Parameters; Full
ALTDSD Syntax; Basic LISTDSD; Listing Many Dataset Profiles;
Listing Generic or Discrete Profiles; Specifying What To List; Full
LISTDSD Syntax; LISTDSD Output; Full DELDSD Syntax; Dataset Command
Authority; Basic PERMIT; Conditional Access Lists; Permitting Many
Users Access; Removing Users and Groups; Deleting Access Lists;
Full PERMIT Syntax; PERMIT Command Authority.
General Resource profiles
- General Resource Profile Commands; Basic RDEFINE; Common
RDEFINE Parameters; Adding Additional Profile Information; Non-RACF
Segment TME; When the Class is DLFCLASS; When the Class is APPCLU;
When the Class is REALM; When the Class is PTKTDATA; When the Class
is ROLE; When the Class is STARTED; When the Class is SYSMVIEW;
When the Class is TAPEVOL; When the Class is TERMINAL; Full RDEFINE
Syntax; Resource Grouping Classes; Protecting CICS Transactions;
Protecting Load Modules; Protecting SDSF; Basic RALTER; RALTER Only
Parameters; Full RALTER Syntax; Basic RLIST; Common RLIST
Parameters; Listing Non-RACF Segments; Special RLIST Features; Full
RLIST Syntax; RLIST Output; Full RDELETE Syntax; Remember PERMIT?;
General Resource Command Authority.
Special RACF features
- SEARCH command and control parameters.
The SETROPTS command
- Basic SETROPTS; Dataset Related Parameters; General Parameters;
In-Storage Profile Parameters; B1 Security Parameters; JES
Parameters; Userid & Password Parameters; Auditor Parameters;
SETROPTS LIST Examples; SETROPTS Command Authority.
- RACF Auditing; RACF Report Writer; Basic RACFRW Commands; Full
RACFRW Syntax; Full SELECT Syntax; Basic EVENT Command; Full EVENT
Syntax; Full LIST Syntax; RACFRW Output Example; Full SUMMARY
Syntax; RACF SMF Data Unload Utility; SMF Unload Utility JCL; Using
the Unloaded RACF SMF Data; Processing the RACF SMF Data with DB2;
Standard DB2 Tables; Data Security Monitor; System & Group Tree
Reports; Pgm Properties & Auth Caller Table Reports; Class
Descriptor Table & RACF Exits Report; Global Access Table
Report; Started Procedures Table Report; Selected User Attribute
Reports; Selected Data Sets Report.
RACF utility programs
- Database Unload Utility; Database Cross Reference Utility;
Database Cross Reference Utility Output; RACF Remove ID Utility;
Database Verification Utility; Database Verification Utility
Output; Database Split/Merge/Extend Utility; Database Block-Update