Académique Documents
Professionnel Documents
Culture Documents
Objectives
Key terms
Introduction
Why security?
RACF
Security
administration
RACF
RACF
RACF
database
Resource
authorization
checking
and system
control
Protection Levels
Protecting a dataset
AUDITING
--------
FAILURES(READ)
NOTIFY
--------
NO USER TO BE NOTIFIED
Operating
System
RACF
Databases
1 2 3
Resource RACF
manager
4
SAF
7 6 5
or
storage
data
RACROUTE
Optional exits
Exit
Check
SAF CALLABLE Exit RC
SERVICE
S
.
S .
A
A
RACF call
FF RACF
Check
databases RACF RC
Yes / no
RACF Structure
Userid
Group
– Every userid belongs to at least one group
– Group structures are often used for access to resources
Resource
Resource classes
Class descriptor table – used to customize
RACF ADMINISTRATION
RESOURCE
RESOURCE CLASSES
CLASSES
SYSTEM OPTIONS
SYSTEM OPTIONS
DATASET AND
DATASET AND GENERAL
GENERAL
RESOURCEPROFILES
RESOURCE PROFILES
GROUP
GROUP
PROFILES
PROFILES
USER
USER
PROFILES
PROFILES
RACF Functions
Security
administration
RACF
RACF
RACF
database
Resource
authorization
checking
and system
control
User Identification
Valid user
Protected Access
Yes & Yes Yes
Resource? authority?
group?
granted
No No No
Security Administration
Authorized programs
Authorized libraries
SYS1.LINKLIB
SYS1.LPALIB
SYS1.SVCLIB
APF
+
List of installation defined
libraries
Authorized Libraries
Problem Programs
APF Libraries
Authorizing a program
Unauthorized
ibraries.
non-authorized
programs
Authorizing libraries
Dynamic APF
D PROG,APF
D PROG,APF
CSV450I 12.46.27 PROG,APF DISPLAY 027
FORMAT=DYNAMIC
ENTRY VOLUME DSNAME
1 Z04RE1 SYS1.LINKLIB
2 Z04RE1 SYS1.SVCLIB
3 Z04RE1 ANF.SANFLOAD
4 Z04RE2 AOP.SAOPLOAD
5 Z04RE1 AOP.SAOPLOAD
6 Z04RE1 ARTURO.BFSLMOD
7 Z04RE1 ASMA.V1R2M0.SASMMOD1
8 TOTDBZ ASN.V7R1M0.SASNALNK
9 TOTDBZ ASN.V7R1M0.SASNLLNK
10 TOTDBZ ASN.V8R1M0.SASNLOAD
11 TOTPT1 ASNA.V5R1M0.SASNALNK
12 TOTPT1 ASNL.V5R1M0.SASNLLNK
……
35 © 2006 IBM Corporation
Chapter 18 Security
Consoles
Security Roles
Summary
Node D Node E
RACF
RACF
database
database
Node C
Node B
Node A
System C
System B
System A
RACF
database RACF
database RACF
database