RACF - z/OS Security Server RACF 2.5 Series

This course introduces the learner to IBM's RACF security software, explaining how it has evolved and how it is typically used in z/OS, and can interact with non-z/OS workloads. It discusses the importance of security, and the types of resources it protects. The course then introduces the concept of user and group profiles and describes from a user perspective, RACF's interaction with day-to-day user tasks. Examples showing how various users can interact with RACF are also provided.

This course details the skills that are required by a security administrator, programmer, or DBA in using RACF to secure systems and data. It explains how to define and maintain individual users within RACF, using several different interfaces.

This course follows on from the RACF - Defining and Managing Users in RACF course describing how users can be connected to Group profiles and can be assigned special privileged access.

This course describes how RACF is used to define access to z/OS data sets. Information on the profiles used to provide this access is also discussed in detail.

This course describes how RACF is used to define access to system resources such as DASD and tape volumes, load modules (programs), and terminals. Details of the profiles used to provide access to these items is also discussed in detail.

In this course you will see how encryption keys are used to securely manage data, and the standards that enforce encryption protocols. You will be introduced to various types of certificates and see how data that is stored in them. From a z/OS perspective you will see how IBM's Digital Certificate Access Server (DCAS) provides password free access to that environment using a certificate. Commands used to generate and manipulate digital certificates, and key rings is discussed in detail.

This course describes the requirements for configuring security in a z/OS UNIX environment using RACF. It covers the creation and use of UID and GID definitions as well as file and directory permission bits and access control lists that are referenced when accessing those z/OS UNIX resources.

This course describes how the RACF database is structured and configured, and the skills needed to ensure that it runs optimally.

This course describes the various types of data center audits and discusses the role of an internal auditor when performing a RACF audit. It expands this to look at the general steps to ensure that RACF managed security is aligned with both organizational security standards, and external compliance regulations. RACF auditor privileges are discussed in detail describing how audit information is stored and the commands used to request the capture of specific events. The type of data that can be unloaded from SMF, and the RACF database, is explained along with details on how ICETOOL can be used to process this information to create audit reports.