Overview
| Course code | BE870 | Skill level | Intermediate |
|---|---|---|---|
| Duration | 4.5 days | Delivery type | Classroom (Hands-on labs) |
| Course type | Public or Private on-site | | |
| Public price | USD $3,915.00 plus tax | | |
Are you already familiar with z/OS concepts and need to know about the z/OS Security Server Resource Access Control Facility (RACF)? Learn to be an effective RACF security administrator as you gain experience and confidence in using the RACF element of the z/OS Security Server. Learn to use RACF to define users, set up group structures, and protect general resources and data sets.
This course presents RACF functions beyond those covered in:
- Basics of z/OS RACF Administration (H3917)
Course Materials
The course materials cover z/OS Security Server RACF.
Hands-On Labs
Eight labs are included, covering logging on, defining a RACF group structure, user administration, delegating security administration, protecting z/OS data sets, using RACF for Time Sharing Option (TSO) administration, and RACF utilities.
Hands-on lab projects may be done in teams depending on the number of attendees and location.
Training Path
This course is part of an IBM Training Path. Taking this course in the recommended sequence allows you to maximize the benefits from your education.
http://www.ibm.com/services/learning/ites.wss/us/en?pageType=page&contentID=a0000627
Training Paths that reference this course are:
Audience
This is an intermediate course for individuals, including security administrators, security auditors, and z/OS system programmers, who need a thorough knowledge of z/OS Security Server RACF and who administer security.
Inexperienced z/OS users should attend Basics of z/OS RACF Administration (H3917).
Prerequisites
You should complete:
or be familiar with the facilities of z/OS and be able to log on to TSO and use Interactive System Productivity Facility (ISPF). You should also know about z/OS data sets, Direct Access Storage Device (DASD) volumes, and how application programs use data on DASD or tape.
Skills taught
- Evaluate the facilities and options provided by the z/OS Security Server RACF
- Define users to RACF
- Set up a RACF group structure
- Use RACF to define general resources
- Select options to tailor RACF
- Identify the tools available for auditing
- Understand how z/OS components interface with RACF
- Use RACF to protect z/OS data sets
- Identify the RACF utilities and their functions
- Understand how the RACF database is defined and recommend performance options
- Describe how digital certificates can be used in your z/OS environment
Course outline
Security and z/OS Security Server RACF overview
- explain the role RACF plays in data security
- list the four major functions of RACF
- explain how RACF allows or denies a user access to a resource, given a diagram of RACF's resource authorization checking process
- define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
- describe the role of the security administrator and the auditor
Administering groups and users
- describe the group structure in RACF
- create a group structure by defining appropriate RACF group profiles
- define new users to RACF
- implement a centralized or decentralized administrative structure
Protecting z/OS data sets
- state the differences between generic and discrete data set profiles
- explain the process RACF uses to grant or deny user access to a data set
- use the RACF commands or panels to define data set profiles
Introduction to general resources
- give general users the ability to list users and reset passwords
- implement the AUTOUID and shared IDs function for z/OS UNIX
- restrict access to terminals
- control access to z/OS consoles and commands
- use RACF for TSO administration
- set up the global access table
RACF database, tables and performance options
- describe the structure of the RACF database
- recommend RACF performance options
- define a started procedure table
- set up a protected userid
Cryptography and the digital certificate
- describe the basic components of cryptography
- describe the benefit of a digital certificate
- explain how Secure Sockets Layer (SSL) uses digital certificates
- map a z/OS userid to a digital certificate
- discuss certificate name filtering
RACF utilities and exits
- identify the RACF utility or exit that could be used to satisfy an installation requirement
- execute the RACF Database Unload utility
- execute the RACF Remove ID utility
RACF options
- describe the impact that RACF options have on an installation
- identify those options that require special planning before activation
- identify the appropriate options for an installation
Auditing the RACF environment
- describe the audit process and the role of the RACF auditor
- understand how RACF provides audit information
- run the data security monitor and interpret reports
- describe the processing of the RACF report writer
- use the System Management Facility (SMF) data unload utility
- identify report writer alternatives
Storage management and RACF
- explain what functions the DASDVOL profiles enable
- describe the purpose of DATASET and TAPEVOL profiles
- explain how RACF can provide default values for DFSMS's automatic class selection routines
- describe the interaction of RACF with DFSMS Hierarchical Storage Management (DFSMShsm) and DFSMS Removable Media Manager (DFSMSrmm)
Security for Job Entry Subsystem (JES) facilities
- discuss how JES uses RACF to provide security in the various phases of job processing
- identify the appropriate RACF security features for JES in an installation
Security classification
- explain how security classification can be used to provide additional security for sensitive resources
