IBM OS-390 User Manual

0 (0)

OS/390

IBM

Security Server (RACF)

Planning: Installation and Migration

GC28-1920-03

OS/390

IBM

Security Server (RACF)

Planning: Installation and Migration

GC28-1920-03

Note

Before using this information and the product it supports, be sure to read the general information under

Fourth

Edition,

September

1997

This

major

revision

GC28-1920-02.

This

edition

applies

Version

Release 4

OS/390

(5647-A01)

and to all subsequent

releases

and

modifica

indicated

new

editions.

Order

publications

through

your

IBM

representative

the IBM

branch

office

serving

your atlocalitythe .

Publicati

address

below.

IBM

welcomes

your

comments. A

form

for

readers'

comments

may

provided at

the back

this

publication,

your comments to the following address:

International

Business

Machines

Corporation

Department

55JA,

Mail

Station

P384

522

South

Road

Poughkeepsie, NY 12601-5400

United

States

America

FAX

(United

States

Canada):

1+914+432-9405

FAX

(Other

Countries):

Your International Access Code +1+914+432-9405

IBMLink

(United

States

customers

only): KGNVMC(MHVRCFS)

IBM Mail Exchange: USIB6TC9 at IBMMAIL

Internet e-mail: mhvrcfs@vnet.ibm.com

World

Wide

Web:

http://www.s390.ibm.com/os390

you

would

reply,

sure

include

your

name,

address,

telephone number,

FAX number.

Make

sure

include the following in your comment

note:

Title

and

order

number

this

book

Ÿ Page number or topic related

your

comment

When you send information to

IBM, you

grant

IBM

a nonexclusive right to use or distribute the information i

appropriate

without

incurring

any

obligation

you.

International

Business

Machines

Corporation

1994,

1997.

All

rights

reserved.

Note to U.S. Government Users —

Documentation related to restricted rights — Use, duplication or disclosure

restrictions

set

forth

GSA

ADP

Schedule

Contract

with

IBM

Corp.

Contents

Notices	. . . . . . . . . . . . . . . . . . . vii. . . .
Trademarks		. . . . . . . . . . . . . . . . . . .ix . . .
About	This Book	. . . . . . . . . . . . . . . . . . . . . . . . . . .xi. . . . .
Who	Should	Use This Book. . . . . . . . . . . . . . . . . . . . . . . xi. . . . . .

How to Use This .Book. . . . . . . . . . . . . . . . . . . . . . . . xi. . . . . .

Where to Find More Information. . . . . . . . . . . . . . . . . . . .xii. . . . .

IBM Systems Center Publications. . . . . . . . . . . . . . . . . . . xiii. . . . . .

Other		Sources	of Information. . . . . . . . . . . . . . . . . . . . .xiv. . . . . .
To Request Copies of IBM				Publications. . . . . . . . . . . . . . . . .xv. . . .
Summary	of	Changes	. . . . . . . . . . . . . . . . . . . . . . . .xvii. . . . . .
Chapter	1. Planning for		Migration	. . . . . . . . . . . . . . . . . . . 1. . . . .
Migration		Planning	Considerations. . . . . . . . . . . . . . . . . . . . .1 . . . . .
Installation Considerations. . . . . . . . . . . . . . 2. . . .
Customization Considerations . .				. . . . . . . . . . . .2 . . .

Administration Considerations . . . . . . . . . . . . . .2 . . .

Auditing Considerations . . . . . . . . . . . . . . . 3. . . .

Application			Development Considerations. . . . . . . . . . . . . . . . . .3. . . . .
General User Considerations. . . . . . . . . . . . . . . . . . . . . . .3. . . . .
Chapter 2. Release Overview									. . . . . . . . . . . . . 5 . . . .
New	and	Enhanced			Support. . . . . . . . . . . . . . . . . . . . . . .5 . . . . .
RACF/DB2			External			Security Module. . . . . . . . . . . . . . . . . . .5 . . . . .
Enhancements				to	Support			for OpenEdition Services. . . . . . . . . . . . 6. . .
Run-Time			Library Services. . . . . . . . . . . . . . . . . . . . . . .7 . . . . .
Password			History			Enhancements. . . . . . . . . . . . . . . . . . . .7 . . . . .
Tivoli		Management				Environment			(TME) 10 Global Enterprise Management
User Administration Service. . . . . . . . . . . . . . . . . . . . . 8. . . . . .
Program			Control		by		System		.ID. . . . . . . . . . . . . . . . . . . .8 . . . . .
New FMID				. . . . . . . . . . . . . . . . . . 9 . . . .
OW24966			Enhancements				to	TARGET Command		. . . . . . . . . . . . .9 . . .
Enable/Disable Changes . . . . . . . . . . . . . .											10. . . .
OW26237			Enhancements				of	Global Access		Checking. . . . . . . . . . .10. .
Chapter	3.	Summary		of	Changes		to	RACF	Components for	OS/390
Release 4				. . . . . . . . . . . . . . . . . .							11. . . .
Callable Services .						. . . . . . . . . . . . . . . . 11. . . .
Class Descriptor Table (CDT). . . . . . . . . . . . . . . . . . . . . .12. . . . .
Commands				. . . . . . . . . . . . . . . . . .							13. . . .
Data Areas				. . .		. .		. . . . . . . . . . . . .			15. . . .
Exits .			. . . . . . . . . . . . . . . . . . .								16. . . .
Macros		. . . . . . . . . . . . . . . . . . . .17 . . . .
Messages			. . . . . . . . . . . . . . . . . . .17 . . . .
New Messages					.	. .		. . . . . . . . . . . . .			17. . . . .
Changed Messages						. . . . . . . . . . . . . . . .17 . . . .
Deleted Messages						. . . . . . . . . . . . . . . .18 . . . .
Panels		.	. . .			. .		. . . . . . . . . . . . .			.18 . . . .

iii


SYS1.SAMPLIB			. . . . . . . . . . . . . . . . .			19. . . . .
Publications Library . .					. . . . . . . . . . . . . . 20. . . . .
Chapter 4.		Planning Considerations			. . . . . . . . . . . 21. . . . .
Migration Strategy . . . . . . . . . . . . . . . .						21. . . . .
Migration Paths for OS/390 Release 4 Security Server. . . . (RACF). . . .21.
Hardware Requirements . . . . . . . . . . . . . . .						22. . . . .
Compatibility . . . . . . . . . . . . . . . . . .23. . . . .
OpenEdition MVS				. .	. . . . . . . . . . . . . . 23. . . . .
Program Control by System .ID. . . . . . . . . . . . . . . . . . . 23. . . . . .
RELEASE=2.4			Keyword on		Macros . . . . . . . . . . . . . . . . . .23. . . . .
Chapter 5.		Installation Considerations			. . . . . . . . . . .25 . . . .
RACF	Storage		Considerations. . . . . . . . . . . . . . . . . . . . . .25. . . . . .
Virtual Storage . . . . . . . . . . . . . . . . . 25. . . . .
Templates for RACF				on OS/390 Release. . .4. . . . . . . . . . . . . .27. . . .
Chapter 6.		Customization Considerations			. . . . . . . . .	29. . . . .
Customer Additions to the Router Table and. . the. . . CDT. . . . . . .29. .
RACF/DB2		External Security Module Customization. . . . . . . . . . . . 29. . .
Exit Processing . . . .					. . . . . . . . . . . . .	30. . . . .
Chapter 7.		Administration Considerations			. . . . . . . . .	31. . . . .
The	TMEADMIN		Class	. . . . . . . . . . . . . . . . . . . . . . . . .31. . . . . . .

Password History Changes. . . . . . . . . . . . . . . . . . . . . . .31. . . . . . .

Program Control by System .ID. . . . . . . . . . . . . . . . . . . . .31. . . . . .

Enhancements of Global Access Checking. . . . . . . . . . . . . . . . .32. . . .

Chapter 8. Auditing Considerations					.	.	. .	. . . . . .	. 33. . . . .
SMF Records			. . . . . . . .			. . .		. . . . . . .33. . . . .
Chapter	9. Application Development				Considerations			. . . . . . . . . . .35. .
Programming Interfaces . . . . . . . . . . . . . . . 35. . . . .
RELEASE=2.4		Keyword		on Macros . . . . . . . . . . . . . . . . . . . 35. . . . . .
FASTAUTH Changes				. . . . . .			. . . . . . . . . .35 . . . .
Chapter	10.	General	User	Considerations		. . . . . . . . . . . . . . . .37. . . .
Password History Changes. . . . . . . . . . . . . . . . . . . . . . .37. . . . . . .
Glossary		. . . . . . . . .				. . . . . . . . . .39 . . . . .
How to	Get	Your	RACF	CD	. . . . . . . . . . . . . . . . . . . . . . 47. . . . . . .
Index	. . . . . . . . . .					.	. .	. . . . . .	. 49. . . . .

iv OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Figures

1.New Callable Services. . . . . . . . . . . . . . . . . . . . . . 11. . . . . .

2.Changed Callable Services. . . . . . . . . . . . . . . . . . . . .12. . . . . .

3.	New Classes . . . . . . . . . . . . . . . . 13. . . . .
4.	Changes to	RACF	Commands . . . . . . . . . . . . . . . . . . .	13. . . . . .
5.	Changes to PSPI Data Areas. . . . . . . . . . . . . . . . . . .			16. . . . . .
6.	Changed Executable Macros. . . . . . . . . . . . . . . . . . . .			17. . . . . .
7.	New Panels	for	RACF. . . . . . . . . . . . . . . . . . . . . . .19. . . . . .

8.Changed Panels for RACF. . . . . . . . . . . . . . . . . . . . .19. . . . . .

9.Change to SYS1.SAMPLIB . . . . . . . . . . . . . . . . . . . . .19. . . . . .

10. Changes to the RACF Publications .Library. . . . . . . . . . . . . 20. . . .

11.RACF Estimated Storage Usage. . . . . . . . . . . . . . . . . .25. . . . .

12.Changes to SMF Records. . . . . . . . . . . . . . . . . . . . .33. . . . . .

vi OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Notices

References in

this

publication

to IBM

products,

programs,

service

that

IBM

intends

make these

available

in all

countries

which

Any

reference

IBM product, program, or service is not intende

imply

that

only

IBM's

product, program,

service may be

used. A

equivalent product, program, or service which does not infringe on any intellectual property rights may be used instead of the IBM produc service. Evaluation and verification of operation in conjunction with ot programs, or services, except those expressly designated by IBM, i responsibility.

IBM	may		have		patents or			pending	patent applications	covering	subject
this		document.				The	furnishing of this document does			not give you any
these		patents.				You can		send license inquiries, in writing,			to:
IBM		Director				of	Licensing
IBM Corporation
500	Columbus			Avenue
Thornwood,				NY	10594
USA
Licensees				of	this		program who wish to have information about it for
enabling:			(i)		the		exchange of information between independently creat
and	other			programs			(including this one) and (ii) the			mutual	use of t
which		has		been		exchanged, should			contact:

IBM Corporation

Mail Station P300

522 South Road

Poughkeepsie, NY 12601-5400

USA

Attention: Information Request

Such information	may be	available, subject to appropriate terms and c
including in some	cases,	payment of a fee.

vii

viii OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Trademarks

The	following terms	are trademarks of the IBM Corporation in the Unit
other countries or		both:
Ÿ	AIX/6000
Ÿ	BookManager
Ÿ	CICS
Ÿ	CICS/ESA
Ÿ	DB2
Ÿ	DFSMS
Ÿ	FFST
Ÿ	FFST/MVS
Ÿ	IBM
Ÿ	IBMLink
Ÿ	IMS
Ÿ	Library Reader
Ÿ	MVS/ESA
Ÿ	MVS/XA
Ÿ	NetView
Ÿ	OpenEdition
Ÿ	OS/2
Ÿ	OS/390
Ÿ	Parallel Sysplex
Ÿ	RACF
Ÿ	RETAIN
Ÿ	S/390
Ÿ	SOMobjects
Ÿ	System/390
Ÿ	SystemView
Ÿ	TalkLink
Ÿ	VM/ESA
Ÿ	VM/XA

UNIX is a registered trademark in the United States and other co exclusively through X/Open Company Limited.

Windows	is a	trademark	of Microsoft	Corporation.
Other	company,	product,	and service names, which may be denoted by
asterisk (**),		may be	trademarks or	service marks of others.

x OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

About

This

Book

This book contains information about the

Resource

Access

Control

Facilit

which is part of the OS/390 Security Server. The Security Server has

components:

RACF

OpenEdition

DCE

Security

Server

For information about the OpenEdition DCE

Security

Server,

see

the

pub

that

component.

This book provides information to guide

you

through

the

migration

proc

OS/390 Release 3 Security Server (RACF)

RACF

OS/390

Release

Server

(RACF).

The

purpose

this

book

to ensure

orderly

transition

It notis

intended

for

customers

installing

RACF for the first time or in

release prior to Security Server (RACF)

Release 3. First-time RACF cust

should readOS/390 Security Server (RACF) Introductionand use the program

directory

shipped with the

product

when

they

are

ready

to install

Who

Should

Use

This

Book

This book is intended for experienced system programmers responsible

migrating from OS/390 Release 3 Security

Server

(RACF)

OS/390

Releas

Security Server (RACF). This book assumes

you have

knowledge

OS/390

Release

Security

Server

(RACF).

If you are migrating from a RACF 2.2,

or earlier, or from an OS/390

release prior to OS/390 Release 3,

you

should

also

read

book, as described in “Migration Paths for

OS/390

Release

Security

(RACF)”

page 21.

How

Use

This

Book

This book is organized in the following order:

Chapter 1,

“Planning

for

Migration”

page 1,

provides

information to

plan

your

installation's

migration to the

new

release

RACF.

Chapter 2,

“Release

Overview”

page 5,

provides

overview of s

the

new

release.

Chapter 3,

“Summary

Changes

RACF

Components

for

OS/390

Release

4”

page 11,

lists

specific

new

and changed support for the

Chapter 4,

“Planning

Considerations”

page 21,

describes

high-level

migration

considerations

for customers

upgrading

the

new release

from

previous levels

of RACF.

ŸChapter 5, “Installation Considerations” on page 25, highlights informati about installing the new release of RACF.


Ÿ	Chapter 6,	“Customization Considerations” on page 29, highlights informatio
	about customizing function to take advantage of new support										after t
	release	of	RACF	is	installed.
Ÿ	Chapter 7,	“Administration Considerations”					on	page 31,	summarizes		changes
	to administration			procedures for the			new	release	of	RACF.
Ÿ	Chapter 8,	“Auditing Considerations” on page 33, summarizes changes to
	auditing	procedures for the new release of RACF.
Ÿ	Chapter 9,	“Application Development Considerations” on page 35, identifies
	changes in the new release of RACF that might require changes to
	installation's		existing programs.
Ÿ	Chapter 10,		“General		User	Considerations”		on page 37,		summarizes new
	support that might				affect	general user		procedures.

Where to Find More

Information

Where

necessary,

this

book

references information in other books. For

titles and order numbers for all products that areOS/390part of OS/390, se

Information

Roadmap.

Softcopy Publications

The

OS/390

Security

Server

(RACF)

library

available on

the following CD-

The CD-ROM collections include

the IBM Library Reader, a program that

customers

to read

the

softcopy

books.

The OS/390

Security

Server

(RACF) Information , PackageSK2T-2180

This

softcopy

collection

kit

contains

the

OS/390 Security

Server

(RACF)

It also contains the RACF/MVS Version 2

product

libraries,

the

RACF/VM

product library, product books from the OS/390 and VM collections,

International Technical Support Organization (ITSO) books,

and

Washington

System

Center

(WSC)

books

that

contain

substantial

amounts

information

related to RACF. The kit

does not contain any licensed

publications.

this CD-ROM, you have access

RACF-related

information

from

IBM prod

such as OS/390, VM, CICS,

and NetView without maintaining shelves of

hardcopy documentation or handling multiple CD-ROMs. To get more

information on OS/390the Security

Server

(RACF)

Information , Packagesee

the

back

the

book.

The OS/390

Collection

,Kit SK2T-6700

This

softcopy

collection

contains

set

OS/390

and

produc

This

kit

contains

unlicensed

books.

The Online

Library

Omnibus

Edition MVS CollectionSK2T-0710Kit,

This

softcopy

collection

contains

set

of key MVS and MVS-related pr

books. It also includes the RACF Version 2 OS/390productSecuritylibraries.

Server (RACF) Messages and Codesis also available asOnlinepartLibraryof

Productivity Edition

Messages

and

Codes Collection,SK2T-2068.

xii OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

RACF Courses

The	following	RACF	classroom courses are also available:
Ÿ	Effective	RACF	Administration,H3927
Ÿ	MVS/ESA RACF	Security Topics, H3918
Ÿ	Implementing	RACF	Security for CICS/ESA,H3992

IBM provides a variety of educational offerings for RACF. For more classroom courses and other offerings, see your IBMBM representative, Mainframe Training Solutions, GR28-5467, or call 1-800-IBM-TEACH

(1-800-426-8322).

IBM Systems

Center

Publications

IBM systems centers produce “red” and “orange” books that can be

setting up and using RACF.

These

books

have

not been subjected to any formal review nor have

checked for technical accuracy, but

they

represent current product

(at the

time

their

publication)

and

provide valuable information on

of RACF topics. They are not shipped with RACF. You must order them

separately.

selected

list

these

books

follows:

Systems Security Publications Bibliography,G320-9279

Elements of Security: RACF Overview - StudentGG24Notes,-3970

Elements of Security: RACF Installation - StudentGG24-3971Notes,

Elements

Security:

RACF Advanced

Topics

StudentGG24-Notes,3972

RACF

Version

Release 2 Technical PresentationGG24-2539Guide,

RACF

Version

Release

Installation

and

ImplementationSG24-4580 Guide,

Enhanced

Auditing

Using

the

RACF

SMF

Data

UnloadGG24Utility,-4453

RACF

Macros

and

Exit Coding,GG24-3984

RACF

Support

for

Open

Systems Technical

PresentationGG26Guide,-2005

DFSMS

and

RACF

Usage Considerations,GG24-3378

Ÿ Introduction

System and Network Security: Considerations, Options,

Techniques, GG24-3451

Network Security Involving the NetView Family ofGG24Products,-3524

System/390 MVS Sysplex Hardware and Software Migration,GC28-1210

Secured Single Signon in a Client/Server Environment,GG24-4282

Tutorial: Options for Tuning GG22RACF, -9396

OS/390 Security

Server

Audit

Tool

and

Report,

SG24Application-4820

Other books are available, but they are not included in this list, information they present has been incorporated into IBM product manua because their technical content is outdated.

About This Book xiii

Other Sources of Information

IBM provides customer-accessible discussion areas where RACF may be discussed by customer and IBM participants. Other information is availa the Internet.

IBM

Discussion

Areas

Two

discussion

areas

provided

IBM

are

the

MVSRACF

discussion

and

SECURITY

discussion.

MVSRACF

available

customers

through

IBM's

TalkLink

offering.

MVSRACF

from

TalkLink:

1. Select

S390

(the

S/390

Developers'

Association).

2. Use

the

fastpath

keyword:

MVSRACF.

SECURITY

available

customers through IBM's

DialIBM

offering,

may

known by

other

names

various countries. To access SECURIT

1. Use

the

CONFER

fastpath

option.

2. Select

the

SECURITY

CFORUM.

Contact

your

IBM representative for information on TalkLink, DialIBM, or e

offerings

for

your country and for more information

the

availability

MVSRACF and

SECURITY

discussions.

Internet Sources

The following resources are available through the Internet:

ŸRACF home page

You can visit the RACF home page on the World Wide Web using this http://www.s39ð.ibm.com/products/racf/racfhp.html

or http://www.s39ð.ibm.com/racf

ŸRACF-L discussion list

Customers and IBM participants may also discuss RACF on the RACF-L

discussion list. RACF-L is not operated or sponsored by IBM; it is University of Georgia.

To	subscribe		to the	RACF-L	discussion,		so	you can		receive postings,
note to:
listserv@uga.cc.uga.edu
Include		the	following	line	in the	body	of the		note,		substituting yo
and last name as indicated:
subscribe racf-l first_name last_name
To	post	a question or		response to		RACF-L,		send	a	note	to:

racf-l@uga.cc.uga.edu

Include an appropriateSubject: line.

ŸSample code

xivOS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

You can get sample code,	internally-developed	tools,	and	exits to
RACF. All this code works	in our environment, at	the	time	we make i

but is not officially supported. Each tool or sample has a README

describes

the

tool

sample

and

any restrictions on its use.

The

simplest

way

reach this code is through

the

RACF home

home

page,

clickSystem/390on

FTP Servers

under

the

topic, “RACF

Sample

Materials.”

The

code

also

availablelscftp.pokfrom.ibm.com

throughanonymous

ftp .

To get

access:

1. Log

as anonymoususer

2. Change

the directorycd ) /pub/racf/mvs(

to find the subdirectories th

contain

the

sample

code. We'll post an announcement on RACF-L,

MVSRACF,

and SECURITY CFORUM whenever we add anything.

Restrictions

Because

the

sample

code and tools are not

officially

supported,

There

are

guaranteed

enhancements.

APARs

can

accepted.

The

name

and

availabilityftp ofserverthe

may

change

the

future.

We'

post

announcement

RACF-L,

MVSRACF,

and

SECURITY

CFORUM

this

happens.

However,

even

with

these restrictions, it should be useful for

access

this

code.

To Request Copies of

IBM

Publications

Direct

your

request

for

copies of

any

IBM publication to your IBM

to the IBM branch office serving your

locality.

There is also a toll-free customer

support number (1-800-879-2755) availabl

Monday through Friday

from

6:30

a.m.

through 5:00

p.m. Mountain

Time.

You

use

this

number

to:

Order

inquire

about

IBM

publications

Resolve

any

software

manufacturing

delivery

concerns

Ÿ Activate the Program Reorder Form

provide

faster and

conve

ordering

software

updates

See the advertisement at the back

of the book forOS/390information abou

Security

Server

(RACF)

Information

Package.

About This Book xv

xvi OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Summary of	Changes
\|	Summary	of Changes
\|	for GC28-1920-03
\|	OS/390	Version	2 Release	4
\|	This	book	contains primarily new information for OS/390 Version 2 Relea
\|	Security Server (RACF). When any information appeared in an earlier r
\|	information		that	is new is indicated by a vertical line to the lef

Summary of Changes for GC28-1920-02 OS/390 Release 3

This book contains new information for OS/390 Release 3 Security Server

Summary of Changes for GC28-1920-01 OS/390 Release 2

This	book	contains	new information for		OS/390	Release 2	Security Server
Summary	of Changes
for GC28-1920-00
OS/390	Release	1
This	book	contains	information	previously	presentedRACF Planning: inInstallation
and	Migration, GC23-3736, which			supports RACF Version 2 Release 2.
This	book	includes	terminology,	maintenance,		and editorial	changes.

xvii

xviii OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Chapter 1. Planning

for

Migration

This

chapter provides

information

help you plan your installation's m

the

new

release of

OS/390 Security

Server (RACF). Before attempting t

you

should

define

plan to ensure a smooth and orderly transition.

thought-out and documented migration plan can help minimize any interrupt

service.

Your

migration plan

should

address

such topics

as:

Identifying

which

required and

optional

products are

needed

Evaluating

new

and

changed

functions

Evaluating

how

incompatibilities

affect your installation

Defining

necessary

changes

to:

–Installation-written code

–Operational procedures

–Application programs

	– Other	related products
Ÿ	Defining	education requirements for operators and					end	users
Ÿ	Preparing	your	staff	and	end users for	migration,	if	necessary
Ÿ	Acquiring	and	installing	the	latest service	level of	RACF	for mainten

The content and extent of a migration plan can vary significantly from installation. To successfully migrate to a new release of RACF, you s installing and stabilizing the new RACF release without activating the n

provided. Installing the new RACF	release without initially	exploiting n
allows you to maintain a stable	RACF environment. The program	directory

with the new OS/390 release gives detailed information about the cor required for installation.

When defining your installation's migration plan, you should consider the

ŸMigration

ŸInstallation

ŸCustomization

ŸAdministration

ŸAuditing

ŸOperation

ŸApplication development

ŸGeneral users

Migration Planning Considerations


Installations		planning	to migrate to a	new release of RACF	must	conside
support	requirements		such as machine and programming restrictions, migra
paths, and		program	compatibility.
For more	information,		see Chapter 4,	“Planning Considerations”	on	page 21.

Installation Considerations

Before installing a new release of RACF, you must determine what updat needed for IBM-supplied products, system libraries, and non-IBM product

(Procedures	for installing RACF are described in the program directory
OS/390, not in	this book.)

Be sure you include the following steps when planning your pre-installatio activities:

Ÿ Obtain and install any					required program			temporary fixes (PTFs)		or	upd
versions		of	the	operating system.
Call	the	IBM	Software		Support	Center	to	obtain	the preventive	service
(PSP)	upgrade		for	RACF.	This	provides	the most		current information		on P


for	RACF. Have RETAIN checked			again	just	before	testing RACF. Inform
for	requesting the PSP upgrade			can be found in the program directo
Although		the program	directory	contains a		list of the required PTFs,
current		information is	available	from	the	support	center.

Ÿ Contact programmers responsible for updating programs.

Verify that	your installation's programs will continue	to run, and, if
make changes	to ensure compatibility with the new	release.

For more information, see Chapter 5, “Installation Considerations” on page 2

Customization Considerations


In order for RACF to meet the specific						requirements of your				installat
customize	function to	take	advantage	of	new		support	after	the	product
For example, you can tailor RACF through the use of								installation		exit r
descriptor table (CDT) support, or options						to	improve	performance. This
changes to	RACF that	might	require	the	installation to			tailor	the	produc

ensure that RACF runs as before or to accommodate new security contro installation requires.

For more information, see Chapter 6, “Customization Considerations” on page

Administration Considerations

Security	administrators must			be	aware of how changes introduced by a
product	release	can	affect an		installation's data		processing	resources.
real and virtual		storage requirements, performance, security, and integr
interest	to security		administrators or			to system	programmers	who	are	r
for making decisions			about	the	computing	system resources used			with	a

For more information, see Chapter 7, “Administration Considerations” on page

2 OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration

Auditing Considerations

Auditors	who are	responsible for	ensuring	proper	access	control and
for their installation are interested in				changes	to security		options,
report	generation	utilities.
For more	information, see Chapter 8,		“Auditing Considerations”			on	page 33

Application Development Considerations

Application	development	programmers	must	be	aware of		new	functions intro
in a new release of RACF. To implement a					new	function,		the	application
development	personnel	should read	this	book	and	the	following		books:

ŸOS/390 Security Server External Security Interface (RACROUTE) Macro Reference

OS/390

Security

Server

(RACF)

Data

Areas

OS/390

Security

Server

(RACF)

Macros

and

Interfaces

ensure

that

existing

programs run as before, the application progr

should be aware of any

changes

data

areas and

processing requi

book

provides

overview

the

changes

that

might

affect existing

programs.

For

information, see

Chapter 9,

“Application

Development Considerations

page

35.

General User Considerations

RACF general users use a RACF-protected system to:

Ÿ Log on to the system

Ÿ Access resources on the system

ŸProtect their own resources and any group resources to which the administrative authority

This book provides an overview of the changes that might affect ex procedures for general users. For more information, see Chapter 10, “G Considerations” on page 37.

Chapter 1. Planning for Migration3

+ 53 hidden pages