Schulung: IBM ES19G - Basics of z/OS RACF Administration
This course begins with an introduction to the z/OS environment, TSO and ISPF/PDF, batch processing, and z/OS data sets. Hands-on labs allow you to gain experience with viewing and allocating data sets, submitting a batch job, and viewing job output. After the introduction to z/OS, you will then learn, through lecture and lab exercises, how to use basic RACF command parameters and/or panels to define users and groups, protect general resources, z/OS data sets, and choose a basic set of RACF options.
Review of z/Architecture and z/OS:
describe z/Architecture provide an overview of z/OS and its components explain the concept of virtual storage and its exploitation in z/OS list the different kinds of data sets and discuss their management in z/OS name the main end-user interfaces of z/OS
An introduction to ISPF and ISPF/PDF:
name and describe the components of ISPF log on to the lab system of this class log off from the lab system of this class start ISPF/PDF provide an overview of the structure of ISPF/PDF panels alter the ISPF/PDF settings use ISPF/PDF to view a data set
An introduction to data sets:
describe data management concepts explain the data set allocation process describe the catalog structure explain how data sets are defined and used allocate a new data set edit a data set using ISPF/PDF delete a data set use ISPF/PDF data set list
name and explain the Job Entry Subsystem 2 (JES2) job processing phases describe the general layout of a job list and describe the components of a Job Control Language (JCL) statement submit a batch job to z/OS use ISPF 3.8 and SDSF to handle the job output
Security and RACF overview:
explain the role RACF plays in data security list the four major functions of RACF explain how RACF allows or denies a user access to a resource, given a diagram of RACF´s resource authorization checking process define the terms Universal Access Authority (UACC), access list, user profile, and resource profile describe the role of the security administrator and the auditor explain the features of RRSF
Administering groups and users:
describe the group structure in RACF create a group structure by defining appropriate RACF group profiles define new users to RACF implement a centralized or decentralized administrative structure
Protecting z/OS data sets:
state the differences between generic and discrete data set profiles explain the process RACF uses to grant or deny user access to a data set use the RACF commands or panels to define data set profiles
Introduction to general resources:
describe the concepts of general resources add a Time Sharing Option (TSO) user to RACF add a UNIX System Service user to RACF set up a user help desk function
understand the impact that RACF options have on an installation identify those options that require special planning before activation identify a basic set of options appropriate for an installation
Other administrative facilities and features:
describe the use of the global access table describe the purpose of the started procedure table define a protected user explain the use of the restricted user attribute use the RACF database unload utility to document your RACF system describe how to map a digital certificate to a RACF userid
Wer sollte teilnehmen:
This is a basic course for individuals who are new to z/OS and the z/OS Security Server RACF and who administration security using the RACF element of the z/OS Security Server.
Experienced z/OS users should take: Effective RACF Administration (BE87)
Some familiarity with z/OS system facilities is beneficial. Background material needed to proceed is presented the first day.
Presentation, discussion, hands-on exercises, demonstrations on the system.