ES19 - IBM Basics of z/OS RACF Administration
Durée : 5 jours
Prix Public : 3.690,00 € HT (tarif Inter-Entreprise)
Overview
Learn how to administer the z/OS Security Server Resource Access Control Facility (RACF). Get an introduction to the z/OS environment, Time Sharing Option (TSO) and Interactive System Productivity Facility / Program Development Facility (ISPF/PDF), batch processing, and z/OS data sets. Gain experience with z/OS by viewing, and allocating datasets, submitting a batch job, and viewing job output. Learn how to use basic RACF command parameters, and panels, to define users and groups, protect general resources, z/OS data sets, and choose a basic set of RACF options.
Course Materials
The course materials cover z/OS Security Server RACF.
Hands-On Labs
Nine labs are included to address logging on to the z/OS system, working with z/OS data sets, submitting batch jobs to z/OS, using System Display and Search Facility (SDSF) to view jobs in the system, defining a RACF group structure, RACF user administration, delegating security administration, protecting z/OS data sets, and using RACF for TSO administration.
Hands-on lab projects may be done in teams depending on the number of attendees and location.
There is also an instructor-led online version of this course: Basics of z/OS RACF Administration – ILO (EZ191)
Training Path
This course is part of an IBM Training Path. Taking this course in the recommended sequence allows you to maximize the benefits from your education.
http://www.ibm.com/services/learning/ites.wss/us/en?pageType=page&contentID=a0000627
Public
This is a basic course for individuals who are new to z/OS and the z/OS Security Server RACF and who administration security using the RACF element of the z/OS Security Server.
Experienced z/OS users should take:
- Effective RACF Administration (BE87)
Pré-requis
Some familiarity with z/OS system facilities is beneficial. Background material needed to proceed is presented the first day.
Objectifs
- Understand the basic features and concepts of zSeries architecture and of the z/OS operating system as they relate to security administration
- Describe the allocation process for data sets in the z/OS environment
- Understand how programs access data sets and how RACF security interacts in that process
- Identify the security requirements of an z/OS system
- Use basic facilities and features of RACF
- Define new users and groups to RACF
- Use RACF to protect z/OS data sets and general resources
- Select a base set of options to tailor RACF
Programme
Review of z/Architecture and z/OS
- describe z/Architecture
- provide an overview of z/OS and its components
- explain the concept of virtual storage and its exploitation in z/OS
- list the different kinds of data sets and discuss their management in z/OS
- name the main end-user interfaces of z/OS
An introduction to ISPF and ISPF/PDF
- name and describe the components of ISPF
- log on to the lab system of this class
- log off from the lab system of this class
- start ISPF/PDF
- provide an overview of the structure of ISPF/PDF panels
- alter the ISPF/PDF settings
- use ISPF/PDF to view a data set
An introduction to data sets
- describe data management concepts
- explain the data set allocation process
- describe the catalog structure
- explain how data sets are defined and used
- allocate a new data set
- edit a data set using ISPF/PDF
- delete a data set
- use ISPF/PDF data set list
Batch processing
- name and explain the Job Entry Subsystem 2 (JES2) job processing phases
- describe the general layout of a job
- list and describe the components of a Job Control Language (JCL) statement
- submit a batch job to z/OS
- use ISPF 3.8 and SDSF to handle the job output
Security and RACF overview
- explain the role RACF plays in data security
- list the four major functions of RACF
- explain how RACF allows or denies a user access to a resource, given a diagram of RACF’s resource authorization checking process
- define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
- describe the role of the security administrator and the auditor
- explain the features of RRSF
Administering groups and users
- describe the group structure in RACF
- create a group structure by defining appropriate RACF group profiles
- define new users to RACF
- implement a centralized or decentralized administrative structure
Protecting z/OS data sets
- state the differences between generic and discrete data set profiles
- explain the process RACF uses to grant or deny user access to a data set
- use the RACF commands or panels to define data set profiles
Introduction to general resources
- describe the concepts of general resources
- add a Time Sharing Option (TSO) user to RACF
- add a UNIX System Service user to RACF
- set up a user help desk function
RACF options
- understand the impact that RACF options have on an installation
- identify those options that require special planning before activation
- identify a basic set of options appropriate for an installation
Other administrative facilities and features
- describe the use of the global access table
- describe the purpose of the started procedure table
- define a protected user
- explain the use of the restricted user attribute
- use the RACF database unload utility to document your RACF system
- describe how to map a digital certificate to a RACF userid