Scribd Logo
Upload

Welcome to Scribd!

  • RACF - To - ACF2 Commands

    Uploaded by

    Gino Thompson
    2K views4 pages
    This document provides information on managing user security and access controls on mainframe systems using RACF and ACF2. It outlines commands for adding and exporting digital certificates, defining user IDs, controlling system access, revoking accounts, defining access to datasets and passwords.

    Original Description:

    Original Title

    RACF -to- ACF2 Commands

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides information on managing user security and access controls on mainframe systems using RACF and ACF2. It outlines commands for adding and exporting digital certificates, defining user IDs, controlling system access, revoking accounts, defining access to datasets and passwords.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    2K views4 pages

    RACF - To - ACF2 Commands

    Uploaded by

    Gino Thompson
    This document provides information on managing user security and access controls on mainframe systems using RACF and ACF2. It outlines commands for adding and exporting digital certificates, defining user IDs, controlling system access, revoking accounts, defining access to datasets and passwords.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    of 4

    Digital Certificates • PKI / X.

    509
    • Use public/private keys
    • Enable more secure authentication, non-repudiation
    • On z/OS you can use, administer and export keys

    • To Add a Certificate
    • RACF: • RACDCERT ID(SYSMAN) ADD(MY.CERT) WITHLABEL('MIGRATED.KEY') PCICC(*)
    • ACF2: • Set profile(user) div(certdata)
    • INSERT SYSMAN.cert DSN(‘MY.CERT’) LABEL(MIGRATED.KEY) TRUST PCICC PKDSLBL(*)

    • To Export a Certificate to z/OS dataset “MY.CERT”


    • RACF: • RACDCERT ID(SYSMAN) EXPORT(LABEL('SECURE.KEY')) DSN(MY.CERT) FORMAT(CERTDER)
    • ACF2: • Set profile(user) div(certdata)
    • EXPORT SYSMAN LABEL(SECURE.KEY) DSN(‘MY.CERT’) FORMAT(CERTDER)
    Displaying User Security Settings
    • Listing a user’s information
    • RACF: LISTUSER userid
    • ACF2: SET LID
    LIST logonid

    Defining IDs
    • RACF: ADDUSER user_id DFLTGRP(group) PASSWORD(pwd)
    • ACF2: SET LID
    INSERT logonid PASSWORD(pwd)

    Controlling System Entry


    • Batch
    • RACF: SETROPTS JES(BATCHALLRACF) forces all BATCH users to be defined to RACF
    SETROPTS CLASSACT(JESJOBS)
    PERMIT SUBMIT.node.job.userid CLASS(JESJOBS) ID(userid) ACCESS(READ)
    • ACF2: Specify the JOBCK option of the GSO OPTS record
    SET LID
    CHANGE logonid JOB

    • TSO • Master Catalog Alias, SYS1.UADS


    • RACF: ALTUSER userid TSO(ACCTNUM(accnum) PROC(logonproc))
    • ACF2: SET LID
    CHANGE logonid TSO
    • CICS
    • RACF: ALTUSER userid CICS
    • ACF2: SET LID
    CHANGE logonid CICS

    Revoking/Suspending Accounts
    • RACF: ALTUSER userid REVOKE
    • ACF2: SET LID
    CHANGE logonid SUSPEND

    Access
    • Defining Security for Datasets
    • RACF: Discrete profile: ADDSD 'dsname‘ UACC(access)
    Generic profile: ADDSD 'dsname-incl-generic-char‘ UACC(access)
    or -> ADDSD 'dsname‘ UACC(access) GENERIC
    • ACF2: $KEY(high-level-qualifier)
    dsname-extent UID(pattern-for-UIDs) R(A) and/or other accesses

    • Permitting Access to Datasets


    • RACF: PERMIT ‘dsname-or-profile ‘ ID(userid) ACCESS(access)
    • ACF2: $KEY(high-level-qualifier)
    dsname-extent UID(pattern-for-UIDs) R(A) and/or other accesses

    • Grouping Access
    • RACF: CONNECT userid GROUP(group)
    • ACF2: SET LID
    CHANGE logonid DEPT(dept)

    Passwords
    • Changing a Password
    • RACF: PASSWORD PASSWORD(newpwd) USER(userid)
    • ACF2: SET LID
    CHANGE logonid PASSWORD(newpwd)
    Displaying User Security Settings

    • Listing a user’s information

    • RACF: LISTUSER userid


    • ACF2: SET LID
    LIST logonid

    Mainframe Security Basics

    • Modes Initial Installation


    Implementation
    Locked-down

    • RACF: WARNING operand on the ADDSD, RDEFINE, ALTDSD, and RALTER commands
    SETROPTS NOPROTECTALL | PROTECTALL specifies security for all datasets
    PROTECTALL requires SETROPTS GENERIC(DATASET)
    SETROPTS PROTECTALL(WARNING)
    • ACF2: MODE=(QUIET | LOG | WARN | ABORT | RULE)

    Admin Authority

    • RACF: SPECIAL, AUDITOR, OPERATIONS Attributes; scoped using groupversions


    CLAUTH, Access and Profile Ownership
    • ACF2: ACCOUNT, SECURITY, LEADER, CONSULT, USER
    Scoped by SCPLIST field defined in logonid record
    https://support.ca.com/irj/portal/anonymous/kbsrch#-
    7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51O
    J%2Fff%2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8ifvzHd3%2FXaTZtqt%2F1x3987%2Ff9Xffv7e%2Fs7u7e%2F5R%2BnW
    YHu%2Bf3728f0Afb%2Bw%2Fvn29Pzvd2tvfu3Z882Jvu7E4%2FffD7%2Fq70zs7v%2B7tu39uhf3d%2FXwKy%2B%2Fv
    %2Bvr8vQfxF%2BAGQ8lAj%2FeWkqt5O6P%2Fmb%2Fx%2FkbW3bX5clt%2Bt6pn%2FNv%2Ff9Ow%2BIIR
    %2B1%2FnvNm3LnT3%2Bd0d%2Frxtui%2B87%2F9vFa7%2Fr7%2Fr%2FAA%3D%3D

    You might also like