Security

A previous article presented 10 ways to ensure RACF quickly and efficiently processes the thousands of logon and access authorization requests it receives each minute. This article, which is an update to our 2006 article, addresses 10 additional techniques for further improving performance, including the use of new features that have since been added to RACF. However, before we look at the new tips, let’s revisit the original list (available at http://enterprisesystemsmedia.com/article/10-ways-to-improve-racf-performance):…

Read Full Article →

My May column discussed how to review your installation’s protection of disk data sets, including whether the security software gets control, what happens if there’s no matching rule, and protection by both dsname and volser. Here I will provide further coverage of disk data sets, addressing undercutting rules in memory and user privileges that bypass data set protection…

Read Full Article →

Here we continue our discussion of security over each path into the system and consider started tasks and consoles. When an operator at a console in the computer room types the command “START MARY” and hits ENTER, the system finds the Job Control Language (JCL) named MARY and executes it. The JCL for MARY, with an EXEC statement specifying what program to execute and DD statements defining what data sets to make available to that program, looks similar to a batch job. However, it’s a started task, representing yet another path into the system…

Read Full Article →

Here we continue our discussion of security over each path into the system, considering more complications over system access through batch jobs. With z/OS, the security comes from SAF; that is, the security software—RACF, ACF2, or TopSecret. We will examine some less well-known ways a user can submit a batch job that runs with some other userid, including through CICS submissions, Network Job Entry (NJE), and IBM’s Sterling Connect:Direct…

Read Full Article →