IBM Security zSecure RACF Management Workshop

In this workshop, you learn how to maintain a Resource Access Control Facility (RACF®) database with IBM® Security zSecure Admin and monitor the system with IBM Security zSecure Audit. During hands-on exercises, you act as a RACF security administrator for a fictitious company. In this simulated job role, you learn to define a RACF security environment for a specific department.

This workshop teaches the basics of the security administration process and how to implement company security policies and guidelines into specific RACF profile definitions and settings. You learn to verify the quality and validity of the RACF profiles that you define. Finally, you learn how to interpret and report SMF events that the z/OS system logs during the workshop.

This intermediate-level RACF Management Workshop is intended for users that are responsible for the management of, and reporting about, RACF profiles and authorities. Such users might be, for example, security administrators, compliance officers, systems programmers, and, potentially, auditors.

Before taking this course, make sure that you have the following skills:

• Basic knowledge of, and experience with, the z/OS system and RACF
• The ability to log on to TSO, use ISPF panels, submit a job, and look at the job output
• Familiarity and experience with the IBM Security zSecure Admin or Audit ISPF panel interface

If you do not have these skills, you can learn these skills by attending one or more of the following suggested courses:

• IBM Security zSecure Admin Basic Administration and Reporting TK263G
• Basics of z/OS RACF Administration ES19G
• Effective RACF Administration BE87G

• Describe the purpose and flow of the RACF management workshop
• Set up a flexible RACF group structure for a department based on PMI security policies and IT guidelines
• Define a departmental security administrator user ID, user IDs for plot writers, verify password quality, and create and refresh an IBM Security zSecure CKFREEZE data set
• Create role-based function groups, resource profiles, and an IBM Security zSecure UNLOAD data set
• Implement role-based access using connections and permissions to the function groups
• Use and explain the various zSecure Admin Verify functions, define a started task, verify started procedures, and manage staff member changes
• Review and, if applicable, maintain RACF audit settings and report and examine SMF records that are logged during this workshop
• Prevent users with OPERATIONS from accessing your PMI departmental data sets
• Clean up RACF profiles and, if applicable, data sets and catalog aliases

• Set up a RACF security environment for a hypothetical company based on their security policies and guidelines
• Create and refresh the IBM Security zSecure Admin UNLOAD and CKFREEZE data sets
• Maintain RACF user and group profiles
• Implement role-based access with function groups
• Define, maintain, and examine RACF data set profiles
• Use and explain the Verify functions Protect all, All not empty, and Password
• Define and verify started procedures
• Review and, if applicable, maintain RACF audit settings
• Report and examine SMF records
• Clean up RACF profiles and, if applicable, data sets and catalog aliases