[...]... z/OS 1.1.2 Why Are Mainframes Different? Mainframes were designed initially for high-volume business transactions and, for more than 40 years, have been continually enhanced to meet the challenges of business data processing No computing platform can handle a diversity of workloads better than a mainframe 1.1 Why Use a Mainframe? 3 But aren’t “insert-your-favorite-alternative-platform” computers cheaper/faster/easier... Report 5.3 The Set RACF Options (SETROPTS) Command 5.4 The RACF Database Unload Utility (IRRDBU00) 5.4.1 Removing IDs with IRRRID00 5.5 The RACF Health Checks 5.5.1 RACF_ SENSITIVE_RESOURCES 5.5.2 RACF_ IBMUSER_REVOKED 5.5.3 RACF Classes Active Health Checks 5.6 zSecure Auditing 5.7 Additional Information Chapter 6 Limited-Authority RACF Administrators 6.1 Profiles Owned by Users 6.2 Group-Owned Profiles and... account with RACF special authority, which corresponds roughly to root under UNIX Because you will need to change audit settings, it is not enough to have privileges for a specific group within RACF you need to have global RACF special authority 1.2 Getting Started 5 1.2.2 Logging in to the Mainframe In the old days, access to the mainframe was handled mostly by dedicated terminals that were hard-wired... integration of Tivoli Security products into end-to-end client deployment environments Tim has published numerous articles discussing the use of Tivoli Security products in end-to-end deployment environments, and is a co-author of the book e-Directories: Enterprise Software, Solutions, and Services xxi This page intentionally left blank C H A P T E R 1 Introduction to the Mainframe The mainframe is the... many chances for fraud that securing that information is critical to the global economy For more than 40 years, the IBM® mainframe has been the backbone of financial services and the retail industry Billions of transactions are executed every day across this infrastructure The mainframe is known for its rock-solid security and integrity, yet, that is possible only with the assurance of a well-trained staff... Introduction to the Mainframe On a mainframe, the same computer does everything One security package (RACF, in most cases) protects one operating system kernel Mainframe subsystems do everything else, as you can see in Figure 1.2 Mainframe TCP/IP Internet UNIX System Services (with Web Server) RACF z/OS LDAP Identity Store DB2 Database Figure 1.2 Mainframe architecture That’s a little of the “why” of mainframes... chapter, you’ll need a TSO and OMVS user ID for a z/OS system and the initial password This user ID is created for you by a system administrator Your user ID is a one- to seven-character string that is your “handle” for all the work you do within z/OS It’s the basis for your computer identity within z/OS and the anchor point for all your access control permissions For the other chapters of this book, you... Chapter 6, “Limited-Authority RACF Administrators,” teaches how to create limitedauthority administrators when they are appropriate, and discusses their permissions Your first mainframe security job is likely to be as a limited-authority administrator Unlimited access, called system-SPECIAL, is usually reserved for a few senior security administrators in the mainframe environment Chapter 7, “Mainframes in... programmer, converting legacy mainframe systems to Windows and UNIX applications Since 2004, she has authored numerous education courses for IBM Mark Nelson, CISSP, is a Senior Software Engineer at IBM, a 20-year veteran of the RACF Design team, and a frequent speaker on RACF and z/OS security- related topics Mark’s areas of expertise in RACF include logging and reporting, RACF database analysis, and... look at the mainframe to expand both existing applications and new applications Mainframes are not appropriate to every business need, but they are optimized for high-availability and I/O-intensive applications That growth in the use of the mainframe drives up the need for knowledgeable security administrators This is where this book comes in We assume that you are already an experienced security administrator . Library of Congress Cataloging-in-Publication Data Mainframe basics for security professionals : getting started with RACF / Ori Pomerantz [et al.]. p. cm. ISBN 0-1 3-1 7385 6-9 (hardback : alk. paper). intentionally left blank Mainframe Basics for Security Professionals: Getting Started with RACF ® Requirements Requirements Management IBM Press Visit www.ibmpressbooks.com for a complete list of. 900 Boston, MA 02116 Fax (617) 671 3447 ISBN-13: 97 8-0 -1 3-1 7385 6-0 ISBN-10: 0-1 3-1 7385 6-9 Text printed in the United States on recycled paper at R.R. Donnelley in Crawfordsville, Indiana. First printing