This advanced, three-day course is designed, written and presented by specialist RACF consultants.<br>It provides a detailed insight into the technical architecture of RACF and z/OS for z/OS Systems Programmers. The course describes and explains how RACF is implemented and how it can be customised using standard RACF facilities.<br><br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
RACF for z/OS Systems Programmers
Attendees should have a full understanding of RACF at a conceptual level and be familiar with all of the RACF commands and how they are utilised. This can be achieved by attending the courses RACF Administration & Auditing and Advanced RACF Administration.
- describe the RACF architecture, its components and facilities
- customise RACF to meet the requirements of their organisation and its environment
- describe how RACF interacts with USS, DB2 for z/OS and CICS
- describe and use all of the RACF Utilities, using JCL and REXX
- identify how the operation of RACF changes when running in a parallel sysplex
- describe and explain the IPL process and the security issues associated with facilities such as APF, PPT, System Exits and Linklist
- describe the components of the RACF database.
What is RACF?
Why do we need security?; What does security provide?; How does RACF work?; RACF Profiles; RACF classes; How many RACF classes?; Controlling access; RACF commands.z/OS Technical Overview
z/OS controls & drivers; The IPL process; PARMLIB & IPLPARM; Display IPLINFO; LOADxx & IODF; System parameter list IEASYSxx; What is APF?; Defining an APF authorised library; Program Properties Table; Linklist; Dynamic changes; SMFPRMxx; System exits; In-storage profiles; RACLIST & GENLIST; Group tree in storage; ACEE data in memory.The RACF Database
The RACF database; Database format; Database templates; RACF templates; Issues; Dynamic template objectives; New template support; RACF initialisation; IRRMIN00; Multiple database support; RACF database sharing; The RVARY command; RVARY passwords; RACF FAILSOFT processing; Database backup & recovery.RACF Modules
RACF control tables; Modules everywhere!; ICHRDSNT; ICHRRNG; Class Descriptor Table (CDT); Dynamic CDT; Defining a Dynamic CDT; Rules; POSIT values; New segment CDTINFO; CDTINFO options; Managing Dynamic CDTs; Migration Utility (CDT2DYN); ICHRFR01; ICHRIN03; ICHAUTAB; ICHNCV00.RACF in a Sysplex
Types of Sysplex; basic Sysplex; Parallel Sysplex; RACF and Sysplex; RACF communication; RACF data sharing; RACF data sharing problems; the four Sysplex modes; the RACF database name table; Coupling Facility structures; defining Coupling Facility structures; in-storage profiles; RACLISTed profiles via RACROUTE; in-storage profiles and Sysplex; introducing RACGLIST; RACGLIST and REFRESH; using RACGLIST.RACF and Other Subsystems
RACF and UNIX System Services
What is 'UNIX System Services (USS)'?; How is it related to RACF?; Userids; UNIX identity; UNIX user definition; User definition example; User definition - system resource limits; Default UNIX User & Group identity.
RACF and DB2
DB2/RACF security overview; Sign-on security; Connection security; DB2 internal security; Other options; Security strategy (Transaction Manager or DB2); Security strategy (centralised or decentralised); Using remote applications.
RACF & CICS
The CICS-RACF interface; The role of CICS in security control; Region wide requirements; Interface implementation; CICS-RACF interfaces.
RACF utilities; IRRUT100; IRRUT100 examples: output (Group), output (User); IRRUT200; IRRUT200 example JCL; IRRUT200 example output; IRRUT400; IRRUT400 example JCL; IRRADU00; IRRADU00 example JCL; ICHDSM00; ICHDSM00 example JCL; IRRDBU00; IRRDBU00 example; IRRRID00; IRRRID00 JCL; BLKUPD; IRRBRW00; IRRRID00 JCL; SMF unload utility using XML; ICETOOL; IRRICE package; The Audit Reporting tool.RACF Control Blocks
RACF control blocks; RACF Communications Vector Table (RCVT); Finding the RCVT; Understanding the RCVT; Data in the RCVT; RCVT vs ICB; SAF Vector Table (SAFV); Finding the SAFV; Accessor Environment Element (ACEE); Where's my ACEE?; ASXBSENV; TCBSENV; Local Control Block; Which ACEE is used?; Which ACEE do I need?; Caveat ACEE; Finding the active ACEE; Security Token; Security Token contents; Security Token uses; ACEE versus Token.RACF Macros
RACF macros; Macro interfaces; The MVS router (SAF); RACF macros; What do they DO?; RACF macros: RACHECK, RACINIT, RACLIST, FRACHECK, RACDEF, RACSTAT; RACROUTE additions; ICHEINTY; The RACROUTE interface; RACROUTE MF= styles; SAF Parameter list (SAFP); Initialising SAFP; SAFP setup; SAF Work Area (SAFW); SAFW setup; History of REQSTOR & SUBSYS; Using REQSTOR & SUBSYS; Setting up REQSTOR and SUBSYS; Other RACROUTE information; The ACEE - AGAIN!; Return codes; REQUEST=Verify; RACINIT ENVIR= options; RACINIT ENVIR=CREATE; Who do you create?; RACINIT STAT=; ENVIR=CREATE ACEE=; Sample user/password=; Sample with PASSCHK=NO; Sample with Token; Create SESSION=; Create with TERMINAL=; POE=; TERMINAL= vs POE=; Sample with POE=; What about IP addresses?; RACINIT ENVIR=DELETE; ENVIR=DELETE ACEE=; Sample DELETE; REQUEST=AUTH; CLASS=; ENTITY/ENTITYX; ENTITY(X) examples; Sample RACHECK.RACF Exits
RACF exits; RACF exits; RACF exits; ICHRTX00/01; Pre-processing for ICHRTX00; ICHRTX00: input, output; Pre-exit commonalities; Post-exit commonalities; Pre- to post- communication; Work area pointer; From post- to pre-; 'Gotchas' for SVC exits; Need some input; Finding the parameter list; Coding RACF exits; RACF command exit (IRREVX01); What's a 'dynamic exit'?; RACF IRREVX01 dynamic exit; What can you do in the exit?; IRREVX01 parameter list; The exit command buffer; Using the ACEE passed in exit; Testing your command exit; Sample SETPROG command; Dynamic exit security.Question & Answer Session
Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.
Find dates and prices
We have 2 courses available across 1 locations on 2 different dates
EastCall us on 0113 220 7150 to discuss availability in this region.Contact us
LondonCall us on 0113 220 7150 to discuss availability in this region.Contact us
MidlandsCall us on 0113 220 7150 to discuss availability in this region.Contact us
NorthCall us on 0113 220 7150 to discuss availability in this region.Contact us
ScotlandCall us on 0113 220 7150 to discuss availability in this region.Contact us
South1 Location / 2 coursesView dates
Attend from AnywhereCall us on 0113 220 7150 to discuss availability in this region.Contact us
All locations1 Location / 2 coursesView dates
Fully accredited to ensure we provide the highest possible standards in learning