DOCSLIB.ORG

Unisys IBM Mainframe Security - Part 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Unisys IBM Mainframe Security - Part 2 ProTech Professional Technical Services, Inc. Unisys IBM Mainframe Security - Part 2 Course Summary Description This course is intended for individuals who need an initial, introductory understanding of IBM's mainframe operating system z/OS and the mainframe security software product Resource Access Control Facility (RACF). It is specifically designed to give attendees a solid foundation in z/OS and RACF without overloading them with advanced technical topics, yet it also serves as the ideal springboard for acquiring Course Outline Course further skills and knowledge. Attendees will gain a fundamental understanding of the components and functions of z/OS and RACF. Objectives After taking this course, students will be able to understand: What z/OS is and what functions it performs The software components of z/OS How to use TSO and ISPF Coding and submitting batch jobs What RACF is and what functions it performs The contents of each type of RACF profile What groups are and how they are used Protecting datasets and general resources How RACF decides whether to grant access Topics Introduction to z/OS Groups Time Sharing Option (TSO) Resource Protection Batch Job Control Language (JCL) Datasets Introduction to RACF General Resources Users RACF Administration Audience This course is designed for anyone requiring general, introductory knowledge of z/OS and RACF. Including; Entry-level security administrators Compliance staff Non-mainframe IT security administrators IT Auditors IT Security Supervisors Prerequisites There are no prerequisites for this course. Duration Two days Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically ProTech Professional Technical Services, Inc. Unisys IBM Mainframe Security - Part 2 Course Outline I. Introduction to z/OS VII. Resource Protection A. z/OS basics A. Resource profiles - discrete, generic, B. z/OS history grouping C. z/OS components B. Access permissions and default D. z/OS terminology access C. OPERATIONS and privileged access II. Time Sharing Option (TSO) authorities A. TSO basics D. WARNING option Course Outline Course B. ISPF panels E. Global Access Table C. Common TSO commands F. RESTRICTED users G. Access authorization process and III. Batch Job Control Language (JCL) logic A. JCL basics H. Access list maintenance B. JOB statement C. EXEC statement VIII. Datasets D. DD statement A. Dataset protection basics B. Dataset profile contents IV. Introduction to RACF C. Discrete and generic profiles A. RACF components D. PROTECTALL B. RACF functions C. Profiles and relationships IX. General Resources D. RACF terminology A. Resource protection basics B. Profile classes and resource names V. Users C. General Resource profile contents A. Identification and authentication D. Discrete, generic, and grouping process profiles B. USERID format and options E. Time Sharing Option (TSO) profiles C. Password change and composition controls X. RACF Administration D. User profile contents and segments A. Administrative authorities B. Logging and reporting VI. Groups A. Concepts and functional roles B. Group hierarchy C. Group profile contents and segments D. UNIVERSAL groups Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically .
Load more

Recommended publications
  • Job Scheduling for SAP® Contents at a Glance
    Kees Verruijt, Arnoud Roebers, Anjo de Heus Job Scheduling for SAP® Contents at a Glance Foreword ............................................................................ 13 Preface ............................................................................... 15 1 General Job Scheduling ...................................................... 19 2 Decentralized SAP Job Scheduling .................................... 61 3 SAP Job Scheduling Interfaces .......................................... 111 4 Centralized SAP Job Scheduling ........................................ 125 5 Introduction to SAP Central Job Scheduling by Redwood ... 163 6Installation......................................................................... 183 7 Principles and Processes .................................................... 199 8Operation........................................................................... 237 9Customer Cases................................................................. 281 The Authors ........................................................................ 295 Index .................................................................................. 297 Contents Foreword ............................................................................................... 13 Preface ................................................................................................... 15 1 General Job Scheduling ...................................................... 19 1.1 Organizational Uses of Job Scheduling ..................................
    [Show full text]
  • JES3 Commands
    z/OS Version 2 Release 3 JES3 Commands IBM SA32-1008-30 Note Before using this information and the product it supports, read the information in “Notices” on page 431. This edition applies to Version 2 Release 3 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2019-02-16 © Copyright International Business Machines Corporation 1997, 2017. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents List of Figures....................................................................................................... ix List of Tables........................................................................................................ xi About this document...........................................................................................xiii Who should use this document.................................................................................................................xiii Where to find more information................................................................................................................ xiii How to send your comments to IBM......................................................................xv If you have a technical problem.................................................................................................................xv Summary of changes...........................................................................................xvi
    [Show full text]
  • Syncsort for Z/VSE Programmer's Guide Release
    All rights reserved. This document contains proprietary and confidential material, and is only for use by licensees of the SyncSort for z/VSE proprietary software system. PROVEN performance SyncSort for z/ VSE Programmer's Guide Release 3. 7 SI-0328-G SyncSort is a registered trademark of Syncsort Incorporated 070809 © Syncsort Incorporated, 2009 All rights reserved. This document contains proprietary and confidential material, and is only for use by licensees of the SyncSort proprietary software system. This publication may not be reproduced in whole or in part, in any form, except with written permission from Syncsort Incorporated. SyncSort is a trademark of Syncsort Incorporated. All other company and product names used herein may be the trademarks of their respective companies. Table of Contents Summary of Changes . v Performance Improvements . v Data Utility Features. v Operating System . vi Messages. vi Chapter 1. Introduction . 1.1 An Introduction to SyncSort for z/VSE. 1.1 SyncSort’s Basic Functions . 1.1 SyncSort’s Data Utility and SortWriter Features . 1.2 Join Processing Sequence . 1.5 Sample SortWriter Report. 1.6 SyncSort’s Operational Features. 1.7 Structure of the Programmer’s Guide. 1.7 Related Reading. 1.9 Chapter 2. SyncSort Control Statements . 2.1 Control Statement Summary Chart . 2.3 Data Utility Processing Sequence. 2.17 Maximum Record Length Allowed . 2.23 Control Statement Examples . 2.25 Rules for Control Statements . 2.25 ALTSEQ Control Statement . 2.30 ANALYZE Control Statement. 2.32 DUPKEYS Control Statement . 2.33 Table of Contents i END Control Statement. 2.38 INCLUDE/OMIT Control Statement .
    [Show full text]
  • Introduction-To-Mainframes.Pdf
    Mainframe The term ‘MainFrame’ brings to mind a giant room of electronic parts that is a computer, referring to the original CPU cabinet in a computer of the mid-1960’s. Today, Mainframe refers to a class of ultra-reliable large and medium-scale servers designed for carrier-class and enterprise-class systems operations. Mainframes are costly, due to the support of symmetric multiprocessing (SMP) and dozens of central processors existing within in a single system. Mainframes are highly scalable. Through the addition of clusters, high-speed caches and volumes of memory, they connect to terabyte holding data subsystems. Mainframe computer Mainframe is a very large and expensive computer capable of supporting hundreds, or even thousands, of users simultaneously. In the hierarchy that starts with a simple microprocessor at the bottom and moves to supercomputers at the top, mainframes are just below supercomputers. In some ways, mainframes are more powerful than supercomputers because they support more simultaneous programs. But supercomputers can execute a single program faster than a mainframe. The distinction between small mainframes and minicomputers is vague, depending really on how the manufacturer wants to market its machines. Modern mainframe computers have abilities not so much defined by their single task computational speed (usually defined as MIPS — Millions of Instructions Per Second) as by their redundant internal engineering and resulting high reliability and security, extensive input-output facilities, strict backward compatibility with older software, and high utilization rates to support massive throughput. These machines often run for years without interruption, with repairs and hardware upgrades taking place during normal operation.
    [Show full text]
  • IBM Z Open Automation Utilities Provides New Services to Help Developers Work with IBM Z/OS Data Sets Directly from the Shell, Java, Or Python
    IBM United States Software Announcement 220-087, dated February 18, 2020 IBM Z Open Automation Utilities provides new services to help developers work with IBM z/OS data sets directly from the shell, Java, or Python Table of contents 1 Overview 3 Technical information 2 Key requirements 3 Ordering information 2 Planned availability date 5 Terms and conditions 2 Program number 9 Prices 2 Publications 9 Order now At a glance IBM Z(R) Open Automation Utilities helps z/OS(R) developers to automate tasks that access z/OS resources. It enables easier calling of z/OS utilities compared with JCL by providing a natural coding experience on UNIX System Services (USS) and interfaces in modern programming languages. Overview Job Control Language (JCL) has been used for a long time for performing or automating a set of steps on the IBM(R) z/OS operating system. Though JCL has evolved with the times, it is inevitably foreign to people familiar with environments such as Linux(R), UNIX, and Microsoft Windows. On z/OS, as an alternative to using JCL, developers can write scripts to automate tasks in the USS environment. Such scripts are easier to understand and to manage, and many open source tools are also available in USS. However, there is a gap in some cases, and z/OS developers have to fall back to submitting JCL jobs, which requires z/OS specific knowledge. In addition, JCL jobs are asynchronous, which means you must submit them to batch and wait for the result; thus, they do not fit in well with the rest of the script, which is typically synchronous.
    [Show full text]
  • 9228 Brown/JCL 01.K.Qxd 5/1/02 11:39 AM Page 1
    9228 Brown/JCL 01.k.qxd 5/1/02 11:39 AM Page 1 CHAPTER 1 INTRODUCTION 1.1 THE SHOCK OF JCL Your first use of JCL (Job Control Language) will be a shock. No doubt you have used personal computers costing $500 or $1,000 that had wonderfully human-engineered software, giving you an expectation of how easy it is to use a computer. Now, as you use a computer costing several million dollars, you may feel like a waif in a Dickens story standing in the shadow of a mas- sive mainframe computer saying meekly, “Please, sir, may I run my job?” It will come as a shock that its software is not wonderfully human engi- neered. The hardware and software design of large IBM mainframe computers date back to the days when Kennedy was president. JCL is a language that may be older than you are. It was designed at a time when user-friendliness was not even a gleam in the eye of its designers. This is easily demonstrated by taking the simple task of copying a file and contrasting how it is done through JCL with how it is done on the most popular personal computer system, Windows. To copy a file with Windows, you left-click twice on the MY COMPUTER icon, left-click on the C: drive icon, left-click twice on the folder containing the file, and right-click on the file to copy. On the resulting menu, you click on COPY and then left-click twice on the folder into which you want the file copied.
    [Show full text]
  • IBM Workload Automation: Glossary Scheduler
    IBM Workload Automation IBM Glossary Version 9 Release 5 IBM Workload Automation IBM Glossary Version 9 Release 5 Note Before using this information and the product it supports, read the information in “Notices” on page 31. This edition applies to version 9, release 5, modification level 0 of IBM Workload Scheduler (program number 5698-WSH) and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright IBM Corporation 1999, 2016. © Copyright HCL Technologies Limited 2016, 2019 Glossary Use the glossary to find terms and definitions for the IBM Workload Automation products. The following cross-references are used: v See refers you from a term to a preferred synonym, or from an acronym or abbreviation to the defined full form. v See also refers you to a related or contrasting term. To view glossaries for other IBM products, go to www.ibm.com/software/ globalization/terminology. “A” “B” on page 3 “C” on page 4 “D” on page 6 “E” on page 9 “F” on page 11 “G” on page 12 “H” on page 13 “I” on page 13 “J” on page 14 “L” on page 16 “M” on page 17 “N” on page 18 “O” on page 19 “P” on page 20 “Q” on page 22 “R” on page 22 “S” on page 24 “T” on page 26“U” on page 27 “V” on page 28 “W” on page 28 “X” on page 29“Z” on page 30 A access method An executable file used by extended agents to connect to and control jobs on other operating systems (for example, z/OS®) and applications (for example, Oracle Applications, PeopleSoft, and SAP R/3).
    [Show full text]
  • Basic of Mainframe
    Basic of Mainframe Mainframe computer Mainframe is a very large and expensive computer capable of supporting hundreds, or even thousands, of users simultaneously. In the hierarchy that starts with a simple microprocessor at the bottom and moves to supercomputers at the top, mainframes are just below supercomputers. In some ways, mainframes are more powerful than supercomputers because they support more simultaneous programs. But supercomputers can execute a single program faster than a mainframe. The distinction between small mainframes and minicomputers is vague, depending really on how the manufacturer wants to market its machines. Modern mainframe computers have abilities not so much defined by their single task computational speed (usually defined as MIPS ² Millions of Instructions Per Second) as by their redundant internal engineering and resulting high reliability and security, extensive input- output facilities, strict backward compatibility with older software, and high utilization rates to support massive throughput. These machines often run for years without interruption, with repairs and hardware upgrades taking place during normal operation. Software upgrades are only non-disruptive when Parallel Sysplex is in place, with true workload sharing, so one system can take over another's application, while it is being refreshed. More recently, there are several IBM mainframe installations that have delivered over a decade of continuous business service as of 2007, with hardware upgrades not interrupting service. Mainframes are defined by high availability, one of the main reasons for their longevity, because they are typically used in applications where downtime would be costly or catastrophic. The term Reliability, Availability and Serviceability (RAS) is a defining characteristic of mainframe computers.
    [Show full text]
  • Job Control Profile
    1 Job Control Profile 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Document Number: DCIM1034 24 Document Type: Specification Document Status: Published 25 Document Language: E 26 Date: 2012-03-08 27 Version: 1.2.0 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 THIS PROFILE IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL 52 ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT 53 EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. ABSENT A SEPARATE AGREEMENT 54 BETWEEN YOU AND DELL™ WITH REGARD TO FEEDBACK TO DELL ON THIS PROFILE 55 SPECIFICATION, YOU AGREE ANY FEEDBACK YOU PROVIDE TO DELL REGARDING THIS 56 PROFILE SPECIFICATION WILL BE OWNED AND CAN BE FREELY USED BY DELL. 57 58 © 2010 - 2012 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the express 59 written permission of Dell, Inc. is strictly forbidden. For more information, contact Dell. 60 61 Dell and the DELL logo are trademarks of Dell Inc. Microsoft and WinRM are either trademarks or 62 registered trademarks of Microsoft Corporation in the United States and/or other countries. Other 63 trademarks and trade names may be used in this document to refer to either the entities claiming the 64 marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. 65 2 Version 1.2.0 66 CONTENTS 67 1 Scope ...................................................................................................................................................
    [Show full text]
  • White Pape Product Review
    productwhite pape reviewr Micro Focus Studio Enterprise Edition Test Server Micro Focus Studio Enterprise Edition™ Test Server (Test Server) is a testing suite that supports pre-production testing of mainframe applications on commodity Windows platforms before they are deployed back to the mainframe for production use. PRODUCT REVIEW | Micro Focus Studio Enterprise Edition Test Server OVERVIEW Micro Focus Test Server is a fast, scalable testing environment that enables organizations to perform substantial pre- production testing of IBM mainframe applications on more cost effective Windows servers, while still deploying these back to the mainframe for final system test and release into production. Test Server is a multi-tasking, multi-user transactional and batch testing platform that supports IBM COBOL, IBM Assembler, IBM CICS, IBM IMS (TM and DB) and IBM JCL, IBM DB2, IBM z/OS file formats and SORT utilities on Windows. This means that substantial and complex mainframe applications can be comprehensively tested under Test Server without being constrained by the availability of mainframe resources. Test Server is supplied with the development tools required to compile or assemble mainframe programs as well as data access tools to support the creation or modification of vital test data. It can also be configured so that code and data can, where logical, continue to reside on the mainframe and be executed remotely from the Test Server platform. BENEFITS Complete testing phases faster and with high quality as test cycles are not constrained
    [Show full text]
  • Job Control Language
    JCL Job Control Language im z/OS-Umfeld praktisch anwenden von: Markus Karl Scheibe Informatik-/Betriebswirt (VWA) Nachtigalstr. 10 30173 Hannover Tel.: 0173/6181348 1 Inhaltsverzeichnis 1. Einleitung………………………………………………………………………………….9 1.1. Verarbeitungsmethoden………………………………………………………...….9 1.2. Was ist ein (MVS-)Betriebssystem………………………………………………..9 1.3. Der Katalogeintrag………………………………………………………...………10 1.4. Was ist JCL?..................................................................................................11 1.5. JCL im Vergleich zu anderen Programmiersprachen………………………….11 2. Job-Aufbau………………………………………………………………………………13 2.1. Job-Spezifikation…………………………………………………………………..13 2.2. Arbeitsabläufe……………………………………………………………………...13 2.3. Arbeitsmittel………………………………………………………………………...14 2.4. Der erste Job……………………………………………………………………….15 2.5. Umfeld der JCL…………………………………………………………………….17 2.6. Job Entry Subsystem……………………………………………………………...17 3. JCL in der Praxis………………………………………………………………………..18 3.1. Stepabfolge…………………………………………………………………………18 3.2. DSNAME……………………………………………………………………………18 3.3. DISP…………………………………………………………………………………22 3.3.1. Status………………………………………………………………………...23 3.3.1.1. NEW………………………………………………………………….23 3.3.1.2. OLD…………………………………………………………………..23 3.3.1.3. SHR…………………………………………………………………..23 3.3.1.4. MOD………………………………………………………………….23 3.3.2. Normal Termination………………………………………………………...24 3.3.2.1. DELETE……………………………………………………………..24 3.3.2.2. KEEP…………………………………………………………………24 3.3.2.3. PASS…………………………………………………………………24 3.3.2.4. CATLG……………………………………………………………….24 3.3.2.5.
    [Show full text]
  • Using Sas Software to Compare Strings of Volsers in a Jcl Job and a Tso Clist
    USING SAS SOFTWARE TO COMPARE STRINGS OF VOLSERS IN A JCL JOB AND A TSO CLIST RANDALL M NICHOLS, Mississippi Dept of ITS, Jackson, MS ABSTRACT become more saturated with data and more tapes are needed for the dump. The TRANSLATE function of SAS can be Sometimes re-running a particular step is used to strip out punctuation and other necessary for the operators or the on-call unwanted characters resulting in a string person. To simplify this process a TSO of words separated by blanks which can CLIST was written that can be invoked to then be compared word by word. This build and submit the JCL to back up one process is generally considered a word disk pack at a time. processing function and at first might not seem relevant or appropriate to working Different personnel maintain the FDR with JCL, SYSLOGS, CLISTS, or other backup JCL and the TSO CLIST, so a system related files and records. process was needed to simplify keeping the FDR JCL and the CLIST in sync as Nevertheless, these types of files and VOLSERS were added and removed from records can be visualized as a series of the backup JCL JOBS. To do this words rather than individual bytes. The manually was a time consuming and third generation language model would be error prone process. to do a byte by byte comparison, build tables, make comparisons, keep or reject, write the record. Although SAS THE SOLUTION can be used to do a byte by byte comparison, it also allows us to consider a different solution that in fact might be A solution was to write a SAS program to more intuitive and easy to code.
    [Show full text]