Showing posts with the label RACF

RACF - Resource Access Control Facility - Mainframe System

RACF is the IBM security management product for the mainframe operating system. RACF is an External Security Manager (ESM).

Profile - RACF stores all the information about users, groups and resources in profiles. A profile is a record of RACF information that has been defined by the security administrator. There are three types of profile:

1) User Profile: An individual member identified by a unique ID and verified using a password.
2) Group Profile: A group is a collection of RACF users who share common access requirements to protected resources or who have similar attributes within the system.
3) Resource Profile: Any information stored on a computer system, such as datasets, terminals, volumes, etc. There are two types of resource profile:
   a) Dataset Profiles
   b) General Resource Profiles

RACF Groups in Mainframe Computer Systems

Groups are RACF entities with which you associate any number of users. SYS1 is the highest group and is predefined when RACF is installed. All groups other than SYS1 have a superior group. In the commands below, the name after the "|" is the command's abbreviation.

1. Adding new groups. The ADDGROUP command is used to define new groups to RACF.
-> ADDGROUP|AG grp supgroup(sgroup) owner(demo06)

2. Listing groups. The LISTGRP command is used to list information about a RACF-defined group.
-> LISTGRP|LG grp

3. Modifying groups. The ALTGROUP command is used to alter a RACF-defined group profile.
-> ALTGROUP|ALG grp data('demo group') owner(sgroup)

4. Deleting groups. The DELGROUP command is used to delete a RACF-defined group.
-> DELGROUP|DG grp

RACF Users in Mainframe Computer Systems

The functional elements of RACF are users and groups. RACF users are identified by an alphanumeric user ID. IBMUSER is a default user and is a member of group SYS1.

1. Adding new users.
-> ADDUSER|AU user01 name(main75) password(UNA) dfltgrp(grp) owner(demo006)

2. Adding a TSO segment to a user.
-> ALU user01 tso(proc(ikjdb2) acctnum(acct#) size(4096))

3. Deleting users. The DELUSER command is used to delete a user from RACF.
-> DELUSER|DU user01

4. Connecting users to groups. The CONNECT command is used to connect RACF-defined users to RACF-defined groups.
-> CONNECT|CO usr_id GROUP(new_grp_ID)

5. Altering the user [changing the default group].
-> ALU usr_id dfltgrp(new_grp_ID)

6. Removing users from groups.
-> RE usr_ID GROUP(old_grp_ID)

7. Revoking an ID.
-> ALU user_ID REVOKE

8. Resuming an ID.
-> ALU user_ID RESUME

9. Resuming an ID with a temporary password.
-> ALU usr_ID RESUME password(UNA)
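
Added example (not from the original posts): a small Python helper that builds the command sequence for steps 4 to 7 in a safe order and refuses names that could smuggle extra keywords into a command. RACF requires a user to be connected to a group before it can become the default group, and will not remove a user from the current default group, so the order is CONNECT, ALU DFLTGRP, REMOVE. The function names and the simplified name rule (1 to 8 characters from A-Z, 0-9, #, $, @) are assumptions of this example.

```python
import re

# Assumption of this example: a simplified RACF name rule, 1-8 characters
# drawn from A-Z, 0-9 and the national characters # $ @.
_NAME = re.compile(r"[A-Z0-9#$@]{1,8}")


def racf_name(value):
    """Upper-case and validate a user ID or group name; raise on anything else."""
    name = value.strip().upper()
    if not _NAME.fullmatch(name):
        raise ValueError(f"not a valid RACF name: {value!r}")
    return name


def move_user(user, old_group, new_group):
    """Return the commands that move a user's default group.

    Order matters: connect to the new group first, switch the default
    group second, and remove the old connection last, because REMOVE is
    rejected while the group is still the user's default group.
    """
    u, old, new = racf_name(user), racf_name(old_group), racf_name(new_group)
    if old == new:
        raise ValueError("old and new group are the same")
    return [
        f"CONNECT {u} GROUP({new})",
        f"ALU {u} DFLTGRP({new})",
        f"REMOVE {u} GROUP({old})",
    ]


def offboard_user(user, delete=False):
    """Revoke first so the ID can no longer log on; delete only on request."""
    u = racf_name(user)
    cmds = [f"ALU {u} REVOKE"]
    if delete:
        cmds.append(f"DELUSER {u}")
    return cmds


if __name__ == "__main__":
    # Constructed sample names, reusing the placeholders from the posts.
    for line in move_user("user01", "grp", "newgrp") + offboard_user("user01"):
        print(line)
```

Validating names before formatting keeps a value such as "user01) SPECIAL" from turning a routine change into a privilege grant when the generated commands are submitted.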