This newly upgraded and extended three-day, hands-on course is the natural follow-on to the definitive 'RACF Administration & Auditing' course for all RACF Administrators. It enables attendees to build on the knowledge and skills they have gained previously with further advanced skills and techniques.<br>In this course experienced RACF Administrators will learn how to handle the more technically challenging aspects of using RACF in today's z/OS environments.<br>The course is packed with challenging, practical, hands-on exercises that will reinforce what attendees learn during the classroom sessions.<br><br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.


Attendees should have a clear understanding of RACF at both the conceptual and practical level. All should have attended the course RACF Administration & Auditing.

Delegates will learn how to

  • describe and explain in detail the RACF architecture, its components and facilities
  • understand and use the SETROPTS and RVARY command to manipulate the RACF options and database
  • use Advanced General Resources classes
  • define users to use TSO
  • define the parameters needed to set up security for JES2 and SDSF
  • describe the facilities provided by RRSF
  • describe the B1 Security parameters including Security labels, levels and categories
  • list what facilities RACF provides for Digital Certificates.


What is RACF?

Why do we need security?; What does security provide?; How does RACF work?; RACF profiles; RACF classes; Controlling access; RACF commands.

Defining TSO Users

TSO & RACF; The TSO segment of a user profile; TSO General Resource classes; TSO/E logon screen; TSO administration.

Advanced General Resources

The FACILITY Class in general; The HELPDESK function; Setting up the HELPDESK facility classes; Password Reset and List User with the Owner and Group functions; Password Enveloping; How does password enveloping work; Exceptions to Password enveloping; RACF Variables; Using the RACFVARS Class; Using RACF variables; FIELD Level access checking; Using the FIELD class; Delegating TSO Administration; Security for OMVS; Using the CFIELD class; What is a CUSTOM FIELD; RACF Command changes; Define a Custom Field; Activate a Custom Field; Putting data into a Custom Field; Authorisation for CSDATA; RACF Panel changes; RACF Profile segments; DASD volume operations; Access to DASD volumes; DASDVOL profiles; RACF security for TAPES; Tape volume protection; Tape data set protection;TAPEVOL, BLP; OPERCMDS class.


RACF & JES2; JES resources protected by RACF; Batch user identification; Userid propagation; Surrogate Job Control; JES Earlyverification; Started Task identification; SETROPTS options for JES; Network Job Entry (NJE); Remote Job Entry (RJE); z/OS security environment; Resource classes for JES security; Securing jobs with RACF; Job input processing; Job submission control; Job validation; JES job input sources; JESINPUT - controlling Port-Of-Entry device names; Job name control; TSO SUBMIT/CANCEL commands; SURROGAT class; Surrogate job submission; Job input processing: PROPCNTL & SECLABEL; Nodes class; NJE security; Controlling transmission to other nodes; Controlling receipt of jobs & sysout; Propagation through NJE; Translation between nodes; RJE/RJP signon & logon security; Controlling output destinations; Security overlays with PSF; Spool protection; JES dataset name format; JESPOOL class profiles; Controlling messages; Controlling data transmission; SDSF; SDSF authorised commands; SDSF line & implicit commands.

RACF Remote Sharing Facility

The RACF Remote Sharing Facility; RACF command direction; RACF password synchronisation; managed user associations; controlling RACLINK use; controlling password synchronisation; controlling the AT keyword; automatic RACF command direction; controlling automatic RACF command direction; combined RACF command direction; use of ONLYAT keyword; automatic password synchronisation; controlling automatic password synchronisation; password synchronisation by command; combined RACF command direction; defining RRSF nodes; the RACF subsystem & parameter library; APPC and TCP/IP connections.

Security Labels

Security classification; Multilevel security;Security labels; Security levels; Security categories; Dominance and equivalence.

RACF & Digital Certificates

Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Digital certificates and RACF; How RACF uses digital certificates; RACF classes & commands; RACF certification generation; RACDCERT command; Creating a certificate; Gencert examples; Key rings; Certification installation; RACDCERT ADD examples; Certification installation; Certificate management.


Basic SETROPTS; Dataset related parameters; General related parameters; InStorage Profile parameters, B1 Security parameters; JES parameters; Userid and Password parameters; AUDIT parameters; SETROPTS command authority; the RVARY command; RVARY Passwords; RACF FAILSOFT processing.

Q & A session