RACF for Systems Programmers & Senior Administrators

Objectives
On successful completion of this course, attendees will be able to:

• describe and explain in detail the RACF architecture, its components and facilities
• understand the IPL process, and how RACF can be used to provide additional functionality
• customise RACF to meet individual customer requirements
• describe the major interactions between MQ, CICS, USS & DB/2 with RACF.

Who Should Attend
The course is suitable for all systems programmers and senior RACF administrators who need to understand the technical aspects of RACF, along with the customisation opportunities available.
Prerequisites
Attendees should have a clear understanding of RACF at both the conceptual and practical levels.
Duration
4 days
Course Code
RIMW
Contents
Introduction
Discussion of the objectives of the course.


What is RACF?
RACF history; supported environments; other security components; how RACF works; RACF Profiles; RACF commands; logging & auditing; RACF database; RACF subsystem.


z/OS technical overview
IPL process; Parmlib & Iplparm; z/OS storage; APF authorisation; System Exits (not just RACF).


The RACF database
Database structure; multiple database support; RACF RVARY command; Failsoft processing; backup and recovery; database templates; RACF in a Sysplex; Remote Sharing Facility.


RACF, JES2 & consoles
Resources protected by RACF; SETROPTS options; Network Job Entry; Remote Job Entry; surrogate job control; Userid propagation; JES early verification; protecting z/OS consoles; protecting z/OS commands.


The CICS-RACF interface
The role of CICS in security control; region wide requirements; interface implementation; protected resources; RACF and CICS intercommunication; CICS resource definition; CICS-RACF callable services.


RACF & DB2
DB2 security overview; internal DB2 security; RACF security overview; defining the DB2 subsystem to RACF; defining DB2 objects to RACF; Distributed processing considerations.


RACF & Websphere MQ for z/OS
Websphere MQ for z/OS security overview; controlling security for WebSphere MQ for z/OS; access control; administration.


RACF & Unix System Services
UNIX overview; USS overview; defining UNIX Users and Groups to RACF; UNIX HFS; protecting Directories and Files; security for Daemons and Servers; defining RACF Resource Profiles; auditing UNIX security events; interpreting UNIX-related messages.


RACF & Cryptography
An overview of cryptography: secret key, public key, applications of cryptographic technologies, confidentiality, non-repudiation, message integrity, Secure sockets layer (SSL); z/Series cryptography overview: cryptographic hardware, hardware setup, ICSF setup, callable service APIs, functions supported on z990, migration considerations, hardware cryptography exploiters.


RACF support for Digital Certificates on z/OS
RACDCERT command syntax; creating Certificates in RACF; Key Rings; mapping Certificates with Certificate Name Filtering; implementation considerations.


RACF utilities
IRRMIN00; IRRUT100; IRRUT200; IRRUT400; BLKUPD; IRRADU00; ICHDSM00; IRRDBU00; IRRRID00; IRRBRW00.


RACF control blocks
RCVT; ACEE; SAFV.


RACF modules
ICHRDSNT; ICHRRNG; ICHRRCDE & dynamic CDT; ICHRFR01; ICHRIN03 & Started Class; ICHAUTAB; ICHNCV00; ICHSECOP.


RACF macros
The MVS Router (SAF); RACHECK; RACINIT; RACLIST; FRACHECK; RACDEF; RACSTAT; RACROUTE; ICHEINTY.


RACF exits
Overview; ICHRIX01/02; ICHRCX01/02; ICHRDX01/02; ICHRLX01/02; ICHRFX01/02; ICHRFX03/04; ICHCNX00; ICHCCX00; IRREVX01; ICHACX01; ICHPWX01.


Final wrap-up & questions