Basics of z/OS RACF Administration - ES19G

Basics of z/OS RACF Administration - ES19G

Audience

This is a basic course for individuals who are new to z/OS and the z/OS Security Server RACF and who administration security using the RACF element of the z/OS Security Server.

Prerequisites

Some familiarity with z/OS system facilities is beneficial.

Background material needed to proceed is presented on the first day.

Duration

5 days.

Course Objectives

Learn how to administer the z/OS Security Server Resource Access Control Facility (RACF). Get an introduction to the z/OS environment, Time Sharing Option (TSO) and Interactive System Productivity Facility / Program Development Facility (ISPF/PDF), batch processing, and z/OS data sets. Gain experience with z/OS by viewing, and allocating datasets, submitting a batch job, and viewing job output. Learn how to use basic RACF command parameters, and panels, to define users and groups, protect general resources, z/OS data sets, and choose a basic set of RACF options.

Nine labs are included to address logging on to the z/OS system, working with z/OS data sets, submitting batch jobs to z/OS, using System Display and Search Facility (SDSF) to view jobs in the system, defining a RACF group structure, RACF user administration, delegating security administration, protecting z/OS data sets, and using RACF for TSO administration.

  • Understand the basic features and concepts of zSeries architecture and of the z/OS operating system as they relate to security administration
  • Describe the allocation process for data sets in the z/OS environment
  • Understand how programs access data sets and how RACF security interacts in that process
  • Identify the security requirements of an z/OS system
  • Use basic facilities and features of RACF
  • Define new users and groups to RACF
  • Use RACF to protect z/OS data sets and general resources
  • Select a base set of options to tailor RACF

Course Content

Review of z/Architecture and z/OS
Describe z/Architecture
Provide an overview of z/OS and its components
Explain the concept of virtual storage and its exploitation in z/OS
List the different kinds of data sets and discuss their management in z/OS
Name the main end-user interfaces of z/OS

An Introduction to ISPF and ISPF/PDF
Name and describe the components of ISPF
Log on to the lab system of this class
Log off from the lab system of this class
Start ISPF/PDF
Provide an overview of the structure of ISPF/PDF panels
Alter the ISPF/PDF settings
Use ISPF/PDF to view a data set

An Introduction to Data Sets
Describe data management concepts
Explain the data set allocation process
Describe the catalog structure
Explain how data sets are defined and used
Allocate a new data set
Edit a data set using ISPF/PDF
Delete a data set
Use ISPF/PDF data set list

Batch Processing
Name and explain the Job Entry Subsystem 2 (JES2) job processing phases
Describe the general layout of a job
List and describe the components of a Job Control Language (JCL) statement
Submit a batch job to z/OS
Use ISPF 3.8 and SDSF to handle the job output

Security and RACF Overview
Explain the role RACF plays in data security
List the four major functions of RACF
Explain how RACF allows or denies a user access to a resource, given a diagram of RACF's resource authorization checking process
Define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
Describe the role of the security administrator and the auditor
Explain the features of RRSF

Administering Groups and Users
Describe the group structure in RACF
Create a group structure by defining appropriate RACF group profiles
Define new users to RACF
Implement a centralized or decentralized administrative structure

Protecting z/OS Data Sets
State the differences between generic and discrete data set profiles
Explain the process RACF uses to grant or deny user access to a data set
Use the RACF commands or panels to define data set profiles

Introduction to General Resources
Describe the concepts of general resources
Add a Time Sharing Option (TSO) user to RACF
Add a UNIX System Service user to RACF
Set up a user help desk function

RACF Options
Understand the impact that RACF options have on an installation
Identify those options that require special planning before activation
Identify a basic set of options appropriate for an installation

Other Administrative Facilities and Features
Describe the use of the global access table
Describe the purpose of the started procedure table
Define a protected user
Explain the use of the restricted user attribute
Use the RACF database unload utility to document your RACF system
Describe how to map a digital certificate to a RACF userid

Public Courses

On-Site Courses

Can't attend one of our public classes? Booking for multiple people?

All our courses are available on your site! Delivered for your staff, at your premises.

Contact us to find out more...