BMC Mainframe: RACF Administration & Auditing
The course is developed and delivered by © RSM Technology.
This four-day, hands-on class is the definitive RACF course for technicians and administrators. The course, designed and written by RACF specialists, is regularly revised and updated to reflect new functionality and features in the RACF and z/OS environments.
The course introduces and explains the concepts, terminology, commands, and procedures involved in administering and auditing RACF. All significant aspects of day-to-day RACF administration and auditing are fully covered.
To ensure full understanding, several realistic practical exercises are performed throughout this course.
Major release: BMC Mainframe Infrastructure Platform Training
Good for: Administrators
Course Delivery: Instructor-Led Training (ILT) | 32 hours
Course Modules
Introduction to RACF
- What is RACF?
- Why do we need security?
- Security in the 'old days'
- Security these days
- What security do we need?
- Where are the dangers?
- How can RACF help?
- RACF profiles
- How RACF operates
- The RACF database
- Multiple data set database
- Resource classes
The RACF Manuals
- The manual library
- RACF Security Administrators' Guide
- RACF features
- z/OS features
- Other products
- Related non-RACF manuals
- RACF command language reference
- BookManager and Adobe PDF
Planning for Security
- The Security Policy
- Resource ownership
- How to protect resources?
- Grouping resources and users
- Document the plan
Group Structure
- What are Groups?
- Why have Groups?
- Users and Groups
- The initial group structure
- The Group Hierarchy
- System Special and Group Special
- Group Profile ownership
- Group connections
The RACF Commands
- Entering RACF commands
- RACF commands and the manuals
- Entering RACF commands in batch
- Entering commands via a CLIST
- Online Help
Defining RACF Groups
- Group profile commands
- Basic ADDGROUP
- Specifying the SUPerior GROUP & OWNER
- Other ADDGROUP parameters
- Non-RACF segments - DFP, z/OS and z/VM
- Full ADDGROUP syntax
- Full ALTGROUP syntax
- Full LISTGRP syntax
- LISTGRP output
- Full DELGROUP syntax
- Group command authority
- SEARCH command
Defining Users
- User profile commands
- Basic ADDUSER
- Specifying the default group
- Group authority
- Class authority
- RACF authorities
- RACF attributes
- Security levels and security categories
- Security level checking
- Security category checking
- Security labels
- Other ADDUSER parameters
- Non-RACF segments
- Full ADDUSER syntax
- Basic ALTUSER
- ALTUSER-only parameters
- Full LISTUSER syntax
- LISTUSER output
- Full DELUSER syntax
- User command authority
- Basic PASSWORD
- Changing other users' passwords
- Full syntax of PASSWORD
- Password command authority
Connecting Users to Groups
- Connect and Remove Commands
- Basic CONNECT
- Full CONNECT Syntax
- Basic REMOVE
- Full REMOVE Syntax
- Connect/Remove command authority
Dataset Profiles
- Dataset profile commands
- Basic ADDSD
- Discrete dataset profiles
- Discrete profile parameters
- Generic dataset profiles
- Generic wildcard characters - %
- Generic wildcard characters - *
- Generic wildcard characters - **
- Specifying dataset attributes
- Access levels
- Auditing access attempts
- Profile copying
- Security level & category checking
- Other profile attributes
- Full ADDSD syntax
- Basic ALTDSD
- ALTDSD-only parameters
- Full ALTDSD syntax
- Basic LISTDSD
- Listing many dataset profiles
- Listing generic or discrete profiles
- Specifying what to list
- Full LISTDSD syntax
- LISTDSD output
- Full DELDSD syntax
- Dataset command authority
- Basic PERMIT
- Conditional access lists
- Permitting many users access
- Removing users and groups
- Deleting access lists
- Full PERMIT syntax
- PERMIT command authority
- SETROPTS REFRESH GENERIC(data set)
- SEARCH command basics
- SEARCH control parameters
- The FILTER & MASK parameters
General Resource Profiles
- General resource profile commands
- Basic RDEFINE
- Common RDEFINE parameters
- Adding additional profile information
- When the class is CONSOLE
- When the class is OPERCMDS
- When the class is CDT
- When the class is SURROGAT
- The Started Task Table
- Using ICHRIN03
- Using the STARTED class
- When the class is TAPEVOL
- Full RDEFINE syntax
- Resource grouping classes
- Protecting CICS transactions
- Protecting load modules
- Protecting SDSF
- Basic RALTER
- RALTER-only parameters
- Full RALTER syntax
- Basic RLIST
- Common RLIST parameters
- Listing Non-RACF segments
- Special RLIST features
- Full RLIST syntax
- RLIST output
- Full RDELETE syntax
- Remember PERMIT?
- General resource command authority
- The Global Access Checking table
- In-storage profiles
- In-storage profile parameters
Auditing RACF
- Auditing RACF
- Auditor parameters
- RACF Report Writer
- Basic RACFRW commands
- Full RACFRW syntax
- Full SELECT syntax
- Basic EVENT command
- Full EVENT syntax
- Full LIST syntax
- RACFRW output example
- Full SUMMARY syntax
- RACF SMF data Unload utility
- SMF Unload utility JCL
- Using the unloaded RACF SMF data
- Processing the RACF SMF data with Db2
- Other reporting tools
- The Data Security Monitor
- The System & Group Tree Reports
- Program Properties & Auth Caller Table Reports
- Class Descriptor Table & RACF Exits Report
- Global Access Table Report
- Started Procedures Table Report
- Selected User Attribute Reports
- Selected Data Sets Report
RACF Utility Programs
- The database unload utility
- The database cross-reference utility
- The database cross-reference utility output
- The RACF remove ID utility
- The database verification utility
- The database split/merge/extend utility
- The database block-update utility command