RACF Overview

Objectives
On successful completion of this course, attendees will be able to:

• identify the need for security in business information systems
• explain all major RACF commands
• explain data set and general resources
• understand how to connect users to groups
• understand the dataset related commands to manage both discrete and generic profiles
• understand the commands to manage general resources
• describe the audit facilities available in RACF
• use and explain the operation of the setropts management commands

Who Should Attend
The course is suitable for anyone who wishes to gain a basic understanding of RACF.

Duration
1 day

Course Code
3092
Contents
Introduction to RACF
What is required of a security system?; IBM's Resource Access Control Facility (RACF); Main RACF/MVS components; How does RACF work?; RACF Profiles; RACF classes; Controlling access; RACF commands.


Planning for RACF
Management commitment; Selecting a security planning and implementation team; Responsibilities of the implementation team; Deciding what to protect; Deciding how to protect data; Establishing ownership structures; Establishing who needs access.


RACF Group Structure
RACF group structure; ACF group types; RACF group structure - top levels; Data set level 2 groups; Users level 2 groups; General Resource groups; Data sets level 3 groups; Users level 3 groups; Concept of group and profile ownership; Administration delegation; Benefits of RACF groups; Defining RACF groups; Group CONNECT authority; Group profile contents; Group related commands.


Defining Users to RACF
Information on users; RACF user information; DFP segment information; TSO segment information; OPERPARM segment information; NETVIEW segment information; CICS segment information; WORKTTR (APPC) segment information; OMVS segment information; Language Segment Information; Defining a new User; Prepare to create the user profile; Create the User Profile; Give user access to any RACF-protected areas; User-related commands; User attributes; Classifying users and data; Security categories and levels; Security labels.


Defining Data Sets to RACF
Data set related commands; Data set protection; Discrete profiles; Generic profiles; Rules for defining data set profiles; Naming Convention Table Facility; Data set profile ownership; Defining Generic Profiles; Access authority for data sets; Adding data set profiles - ADDSD; PERMIT command.


Defining General Resources
General Resource related commands; Class Descriptor Table (CDT); IBM-defined Resource Classes; Steps for defining General Resource profiles; Granting access to a General Resource; Global Access Table (GAT).


Maintenance & Housekeeping
Maintenance and housekeeping activities; SETROPTS command options; Options for initial setup; In-storage profiles; SETROPTS REFRESH Option; Maintaining the RACF database(s); Maintenance utilities; Maintaining the Started Task Table; RACF Report Writer; The Data Security Monitor (DSMON).