Showing posts with the label Mainframe

z/890 SHUT DOWN Procedure in Mainframe Systems

Issue the following commands one by one from the master console.

1. P TCPIP
2. C CICS1
3. -Stop DB2
4. P TSO
5. Z NET
6. F BPXOINIT,SHUTDOWN=FORKINIT
7. C LLA - Library lookaside facility
8. C VLF - Virtual lookaside facility
9. F DLF,MODE=DRAIN - Data lookaside facility
10. P DLF
11. P RMF
12. P FFST - First Failure Support Technology
13. %STOP - RACF
14. C SYSLOGD1
15. $P INIT - Initiators
16. $P JES2,TERM
17. Z EOD
18. Close the consoles.
19. Double-click on groups CPC images. The list of images present is displayed.
20. Single-click on the image, then double-click on the Deactivate button on the Daily panel, and confirm by clicking OK in the pop-up window.

RACF - Resource Access Control Facility - Mainframe System

RACF is the IBM security management product for the mainframe operating system. RACF is an External Security Manager (ESM).

Profile - RACF stores all of its information about users, groups and resources in profiles. A profile is a record of RACF information that has been defined by the security administrator. There are 3 profiles.

1) User Profile
   An individual member identified by his unique ID and verified using a password.
2) Group Profile
   A group is a collection of RACF users who share common access requirements to protected resources or who have similar attributes within the system.
3) Resource Profile
   Any information stored on a computer system, such as datasets, terminals, volumes etc. There are two types of resource profile:
   a) Dataset Profiles
   b) General Resource Profiles

RACF Groups in Mainframe Computer Systems

Groups are RACF entities with which you associate any number of users. SYS1 is the highest group, which is predefined when RACF is installed. All groups other than SYS1 have a superior group.

1. Adding new groups
   The ADDGROUP command is used to define new groups to RACF.
   -> ADDGROUP|AG grp supgroup(sgroup) owner(demo06)
2. Listing groups
   The LISTGRP command is used to list information about a RACF-defined group.
   -> LISTGRP|LG grp
3. Modifying groups
   The ALTGROUP command is used to alter a RACF-defined group profile.
   -> ALTGROUP|ALG grp data("demo group") owner(sgroup)
4. Deleting groups
   The DELGROUP command is used to delete a RACF-defined group.
   -> DELGROUP|DG grp

RACF Users in Mainframe Computer Systems

The functional elements of RACF are users and groups. RACF users are identified by an alphanumeric user ID. IBMUSER is a default user and it is a member of group SYS1.

1. Adding new users
   -> ADDUSER|AU user01 name(main75) password(UNA) dfltgrp(grp) owner(demo006)
2. Adding a user with a TSO segment
   -> ALU user01 tso(proc(ikjdb2) acctnum(acct#) size(4096))
3. Deleting users (used to delete a user from a RACF group)
   -> DELUSER|DU user01
4. Connecting users to groups
   The CONNECT command is used to connect RACF-defined users to RACF-defined groups.
   -> CONNECT|CO usr_id Group(new_grp_ID)
5. Altering the user (changing the default group)
   -> ALU usr_id dfltgrp(new_grp_ID)
6. Removing users from groups
   -> RE usr_ID GROUP(old_grp_ID)
7. Revoking an ID
   -> ALU user_ID REVOKE
8. Resuming an ID
   -> ALU user_ID RESUME
9. Resuming an ID with a temporary password
   -> ALU usr_ID RESUME password(UNA)

Resource Profile in z/OS Mainframe Systems

A resource profile is used to protect resources. There are three types of resource profiles.

1. Dataset Profiles
   Datasets can be protected using a dataset profile.
   a. Generic Dataset
      A generic dataset profile protects more than one dataset. Generic dataset profiles exploit the similarity in the names of the datasets.
2. General Resource Profiles

Dataset Profiles - Resource Profile in Mainframe

Datasets can be protected using a dataset profile.

a) Discrete Dataset
   A discrete dataset profile protects only a single dataset. Usually very sensitive datasets are protected using a discrete dataset profile.

   Creating a dataset profile:
   -> ADDSD 'usr001.Jcl.ps' UACC(NONE) NOTIFY(usr001)
   Permitting a user ID to access the dataset:
   -> PE 'usr001.JCL.ps' ID(Demo06) ACCESS(UPDATE)
   Changing the access authority:
   -> ALTDSD 'usr001.JCL.ps' UACC(READ) NOTIFY(usr001)

b) Generic Dataset
   A generic dataset profile protects more than one dataset. Generic dataset profiles exploit the similarity in the names of the datasets.

   Creating a generic dataset profile:
   -> ADDSD 'RRSREE.**' UACC(NONE) NOTIFY(usr001)
   -> SETR GENERIC(DATASET) REFRESH
   Modifying dataset protection:
   -> ALTDSD 'sys1.**' NOTIFY(DAVIN5) UACC(READ)
   Allowing users to access datasets:
   -> PERMIT|PE 'SYS1.*...
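Added example (not from the original post): a simplified Python matcher showing which dataset names the profiles above cover, useful for judging how far a change such as UACC(READ) on 'sys1.**' reaches. It assumes enhanced generic naming (EGN) is active and does not model RACF's selection of the most specific matching profile; the function names and sample dataset names are constructed for illustration.

```python
import re

GENERIC_CHARS = set("*%")

def profile_to_regex(profile):
    """Compile a dataset profile name to a regex (EGN rules, simplified)."""
    quals = profile.upper().split(".")
    if GENERIC_CHARS & set(quals[0]):
        raise ValueError("high-level qualifier of a dataset profile cannot be generic")
    out = re.escape(quals[0])
    for q in quals[1:]:
        if q == "**":        # zero or more whole qualifiers
            out += r"(?:\.[^.]+)*"
        elif q == "*":       # exactly one whole qualifier
            out += r"\.[^.]+"
        else:
            out += r"\."
            for ch in q:
                if ch == "%":    # any single character
                    out += "[^.]"
                elif ch == "*":  # rest of this qualifier, possibly empty
                    out += "[^.]*"
                else:
                    out += re.escape(ch)
    return re.compile(out + r"\Z")

def covering_profiles(dataset, profiles):
    """Return every profile whose name matches the dataset name."""
    name = dataset.upper()
    return [p for p in profiles if profile_to_regex(p).match(name)]

# Profile names taken from the commands above.
PROFILES = ["usr001.Jcl.ps", "RRSREE.**", "sys1.**"]

# Constructed dataset names for the demonstration.
SAMPLE_DATASETS = ["SYS1.PARMLIB", "SYS1.PROCLIB", "RRSREE.JCL.CNTL",
                   "USR001.JCL.PS", "USR001.JCL.OLD"]

if __name__ == "__main__":
    for ds in SAMPLE_DATASETS:
        hits = covering_profiles(ds, PROFILES)
        print(f"{ds:18} -> {hits or 'no profile (not protected by these)'}")
```
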

Listing dataset Protection in z/OS Mainframe

The LISTDSD command is used to list a dataset profile defined to RACF.
-> LISTDSD ID(ram) - gives information about a particular ID.
-> LISTDSD ID(ram) all
-> LISTDSD dataset('sys1.parmlib')
-> LISTDSD dataset('sys1.parmlib') all

Removing Dataset Protection
The DELDSD command is used to delete dataset profiles defined to the RACF database.
-> DELDSD|DD prfl_name
-> DELDSD 'sys.**'

Refreshing Dataset Profiles
Using the SETR REFRESH command we can refresh the dataset profiles.

How to Protect General Resource Profiles

The RDEFINE command is used to define a general resource profile to the RACF database.
-> RDEF OPERCMDS MVS.DISPLAY.PDS UACC(NONE) NOTIFY(DFSMS)
-> SETR RACLIST(OPERCMDS) REFRESH
-> PERMIT MVS.DISPLAY.** CLASS(OPERCMDS) ID(MFADMIN) ACCESS(READ)
-> RALTER OPERCMDS MVS.DISPLAY.** NOTIFY(RAM)

Listing the General Resource Profiles
-> RLIST OPERCMDS MVS.DISPLAY.**
-> RLIST OPERCMDS MVS.DISPLAY.** ALL

SURROGAT Class in z/OS Mainframe System

A surrogate user can submit jobs on behalf of another user without having to specify the original user's password. The original user is specified on the job card. Jobs submitted by the surrogate user execute with the authority of the original user. The output of the job owned by the commands.
-> RDEF SURROGAT RAM.SUBMIT UACC(NONE) NOTIFY(RAM)
-> SETR RACLIST(SURROGAT) REFRESH
-> PERMIT RAM.SUBMIT CLASS(SURROGAT) ID(OPER001) ACCESS(READ)