Learn about the frequently used administrative functions, standard reports, and verification functions of IBM Security zSecure Admin. Gain experience administering RACF profiles using the built-in functions and line commands with the standard ISPF interface provided with the product. Learn how to report and review RACF profiles using the built-in functions and line commands provided. The background and details of the verification functions that report RACF database inconsistencies are explored, and you learn about the generated RACF commands that can assist in fixing these inconsistencies. The CKGRACF function that offers features not included in native RACF is also described. In this course, you also learn to produce customized reports and tailor the RACF installation data field. Hands-on exercises are included in each unit.
This basic-level course is for RACF administrators who use the IBM Security zSecure Admin ISPF panel interface. It is also suitable for RACF administrators, auditors, and compliancy officers who use the IBM Security zSecure Admin panel interface, the built-in functions, and commands to review and report about RACF profiles.
You should have:
- Basic knowledge of, and experience with, RACF
- Familiarity with the IBM Security zSecure Admin or Audit ISPF panel interface
Basic RACF education is assumed and can be obtained in the following classes: Basics of z/OS RACF Administration (ES191) or Introduction to z/OS Security Server RACF (EZ192) - ILO, and Effective RACF Administration (BE870).
- Display RACF user IDs and user information from the ISPF zSecure Admin panels.
- Manage RACF groups interactively and create printed reports.
- Administer RACF data set and general resource profiles and examine the access list.
- Create textual reports on RACF users, groups, data sets, and general resources.
- Review and maintain RACF and Class Descriptor Table (CDT) options.
- Define and maintain input files to control your IBM Security zSecure Admin session.
- Use the standard reports provided with IBM Security zSecure Admin.
- Analyze RACF profiles containing segments.
- Review the installations RACF control tables and analyze the group structure in the installation.
- Create reports about the RACF database and resolve inconsistencies.
- Customize installation data, compare users, queue commands, and run commands using CKGRACF.
Running IBM Security zSecure Admin
- List the advantages of using IBM Security zSecure Admin to administer RACF.
- Identify the sources of information that IBM Security zSecure Admin uses.
- Select different input sources.
- Use the basic setup panels.
Selecting and displaying existing RACF profiles
- Select and display details of user, group, data set, and general resource profiles that match particular search criteria.
- Select and display details of group profiles that match particular search criteria.
- View the access control list (ACL) using different formats.
Profile maintenance using IBM Security zSecure Admin
- Modify single profiles, using line commands, overtyping, or the quick administration panel.
- Change RACF profile definitions in a way that affects multiple profiles and generates multiple RACF commands.
- Mass update, define, delete or recreate up to 10 profiles of the same entity.
- Display and manage application segments.
- Display SETROPTS and Class Descriptor Table settings.
- Define new input file sets.
- Create new data sets to serve as input to zSecure.
RACF administration reports
- Produce reports about RACF profiles and resources.
- View the group tree of a RACF database.
- Produce general status and system settings reports.
- Report who can manage application segments.
Specific user and group reports
- Report users based on password characteristics.
- Identify users with specific attributes.
- Report groups and their settings.
- Compare different users side by side to identify different connects and permissions.
- Compare different groups side by side to identify different permissions.
- Identify the sensitive resources and global writable data.
- Select and report general resources with their member lists.
- Report Global Access Checking (GAC) tables and started tasks.
- Report the status of digital certificates.
RACF management reports
- Identify inconsistencies in the RACF database.
- Use CKGRACF to run commands for profiles that require special care.
- Create your own customized reports.
- Customize the way that RACF installation data is displayed and printed.