IBM zSecure RACF Management Workshop

This intermediate-level RACF Management Workshop is intended for users that are responsible for the management of, and reporting about, RACF profiles and authorities.

Such users might be, for example, security administrators, compliance officers, systems programmers, and, potentially, auditors.

After this course participants should be able to:

• Describe the purpose and flow of the RACF management workshop
• Set up a flexible RACF group structure for a department based on PMI security policies and IT guidelines
• Define a departmental security administrator user ID, user IDs for plot writers, verify password quality, and create and refresh an IBM Security zSecure CKFREEZE data set
• Create role-based function groups, resource profiles, and an IBM Security zSecure UNLOAD data set
• Implement role-based access using connections and permissions to the function groups
• Use and explain the various zSecure Admin Verify functions, define a started task, verify started procedures, and manage staff member changes
• Review and, if applicable, maintain RACF audit settings and report and examine SMF records that are logged during this workshop
• Prevent users with OPERATIONS from accessing your PMI departmental data sets
• Clean up RACF profiles and, if applicable, data sets and catalog aliases

• Set up a RACF security environment for a hypothetical company based on their security policies and guidelines
• Create and refresh the IBM Security zSecure Admin UNLOAD and CKFREEZE data sets
• Maintain RACF user and group profiles
• Implement role-based access with function groups
• Define, maintain, and examine RACF data set profiles
• Use and explain the Verify functions Protect all, All not empty, and Password
• Define and verify started procedures
• Review and, if applicable, maintain RACF audit settings
• Report and examine SMF records
• Clean up RACF profiles and, if applicable, data sets and catalog aliases

Before taking this course, participants should have the following skills:

• Basic knowledge of, and experience with, the z/OS system and RACF
• The ability to log on to TSO, use ISPF panels, submit a job, and look at the job output
• Familiarity and experience with the IBM Security zSecure Admin or Audit ISPF panel interface

If you do not have these skills, you can learn these skills by attending one or more of the following suggested courses:

• IBM Security zSecure Admin Basic Administration and Reporting TK264G
• Basics of z/OS RACF Administration ES19G
• Effective RACF Administration BE87G