Basics of z/OS RACF Administration Training in Sweden

Some familiarity with z/OS system facilities is beneficial. Background material needed to proceed is presented the first day.

• Understand the basic features and concepts of zSeries architecture and of the z/OS operating system as they relate to security administration
• Describe the allocation process for data sets in the z/OS environment
• Understand how programs access data sets and how RACF security interacts in that process
• Identify the security requirements of an z/OS system
• Use basic facilities and features of RACF
• Define new users and groups to RACF
• Use RACF to protect z/OS data sets and general resources
• Select a base set of options to tailor RACF

Review of z/Architecture and z/OS

• describe z/Architecture
• provide an overview of z/OS and its components
• explain the concept of virtual storage and its exploitation in z/OS
• list the different kinds of data sets and discuss their management in z/OS
• name the main end-user interfaces of z/OS

An introduction to ISPF and ISPF/PDF

• name and describe the components of ISPF
• log on to the lab system of this class
• log off from the lab system of this class
• start ISPF/PDF
• provide an overview of the structure of ISPF/PDF panels
• alter the ISPF/PDF settings
• use ISPF/PDF to view a data set

An introduction to data sets

• describe data management concepts
• explain the data set allocation process
• describe the catalog structure
• explain how data sets are defined and used
• allocate a new data set
• edit a data set using ISPF/PDF
• delete a data set
• use ISPF/PDF data set list

Batch processing

• name and explain the Job Entry Subsystem 2 (JES2) job processing phases
• describe the general layout of a job
• list and describe the components of a Job Control Language (JCL) statement
• submit a batch job to z/OS
• use ISPF 3.8 and SDSF to handle the job output

Security and RACF overview

• explain the role RACF plays in data security
• list the four major functions of RACF
• explain how RACF allows or denies a user access to a resource, given a diagram of RACF's resource authorization checking process
• define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
• describe the role of the security administrator and the auditor
• explain the features of RRSF

Administering groups and users

• describe the group structure in RACF
• create a group structure by defining appropriate RACF group profiles
• define new users to RACF
• implement a centralized or decentralized administrative structure

Protecting z/OS data sets

• state the differences between generic and discrete data set profiles
• explain the process RACF uses to grant or deny user access to a data set
• use the RACF commands or panels to define data set profiles

Introduction to general resources

• describe the concepts of general resources
• add a Time Sharing Option (TSO) user to RACF
• add a UNIX System Service user to RACF
• set up a user help desk function

RACF options

• understand the impact that RACF options have on an installation
• identify those options that require special planning before activation
• identify a basic set of options appropriate for an installation

Other administrative facilities and features

• describe the use of the global access table
• describe the purpose of the started procedure table
• define a protected user
• explain the use of the restricted user attribute
• use the RACF database unload utility to document your RACF system
• describe how to map a digital certificate to a RACF userid