The basic function of the SNT (Sign-on Table) is to register the security information for all users. Users not registered in this table are not allowed to access the system. In order to use the CICS system the user has to sign on at the terminal using the sign-on transaction CESN or CSSN, supplying a userid and password. CICS checks whether both the userid and password are valid, and only then gives access to the system.
CESN is the sign-on transaction used with an External Security Manager (ESM) such as RACF. The ESM userid and password defined in the SNT must be provided to the CESN transaction. An entry in the Sign-on Table is made with the DFHSNT macro, in which details such as the user name or userid, the password, etc., are specified. If the option EXTSEC=YES is given in this DFHSNT definition, the system is using an ESM and the CESN transaction must be used to sign on. If EXTSEC=NO is given, no ESM is used and the sign-on transaction to be used is CSSN.
CICS transaction security allows only authorized users to initiate a protected transaction. To make a transaction protected, the following steps have to be taken. In the SNT entry of the user who is to be given authority to access the protected transaction, specify the security key parameter SCTYKEY=n. In the PCT entry of the transaction that is to be protected, specify the same security key in the TRANSEC parameter. Then, if and only if the SCTYKEY and TRANSEC entries match, CICS allows the initiation of the transaction. Otherwise CICS rejects the initiation request, thus ensuring transaction security.
Since SCTYKEY and TRANSEC are both 5, CICS will allow the user ALEXIS to initiate the transaction with id TASK1.
The function of resource security is to prevent unauthorized access to protected resources. To achieve this, in the SNT entry of the user specify the resource level key parameter RSLKEY=n, and depending on the resource that is to be protected specify RSL=n in the respective table entries. That is, RSL=n should be specified in the FCT for protecting files, the JCT for protecting journals, the PCT for protecting transactions, the PPT for protecting programs, the DCT for protecting transient data and the TST for protecting TSQs in the auxiliary files. Then, in the PCT entry of every transaction for which the resource security level check has to be made, specify RSLC=YES. If the terminal user initiates a transaction with RSLC=YES, the transaction can access only those resources whose RSL entry matches the RSLKEY in the SNT. If the two parameters do not match, CICS returns the NOTAUTH condition.
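The transaction security and resource security checks described above, modelled as an added example (this is not CICS code and not from the original page). It assumes, as real CICS allowed, that a user's SCTYKEY and RSLKEY may list several keys, so keys are held as sets and "match" means the required key is among them; the table names and values (ALEXIS, TASK1, CUSTMAS, PAYROLL) are constructed, with key 5 taken from the text's example.

```python
# Added model of the SNT/PCT/RSL checks described above (not CICS code).
# Assumption: a user may hold several keys (SCTYKEY=(1,5) style lists).
from dataclasses import dataclass

@dataclass(frozen=True)
class SntEntry:                      # one DFHSNT TYPE=ENTRY
    userid: str
    sctykey: frozenset               # SCTYKEY: transaction security keys held
    rslkey: frozenset                # RSLKEY: resource security level keys held

@dataclass(frozen=True)
class PctEntry:                      # one DFHPCT TYPE=ENTRY
    transid: str
    transec: int                     # TRANSEC: key needed to initiate
    rslc: bool = False               # RSLC=YES: check RSL on resource access

@dataclass(frozen=True)
class Resource:                      # an FCT/PPT/DCT/TST/JCT entry with RSL=n
    name: str
    table: str
    rsl: int

def can_initiate(user: SntEntry, tran: PctEntry) -> bool:
    """Transaction security: the transaction starts only if TRANSEC matches SCTYKEY."""
    return tran.transec in user.sctykey

def resource_access(user: SntEntry, tran: PctEntry, res: Resource) -> str:
    """Resource security: 'NORMAL' on success, 'NOTAUTH' when RSL and RSLKEY differ."""
    if not tran.rslc:                # RSLC=NO: no resource level check is made
        return "NORMAL"
    return "NORMAL" if res.rsl in user.rslkey else "NOTAUTH"

# Constructed sample tables, using the key value 5 from the text's example.
SNT = {"ALEXIS": SntEntry("ALEXIS", frozenset({5}), frozenset({2}))}
PCT = {"TASK1": PctEntry("TASK1", transec=5, rslc=True),
       "TASK2": PctEntry("TASK2", transec=7, rslc=True),
       "TASK3": PctEntry("TASK3", transec=5, rslc=False)}
FCT = {"CUSTMAS": Resource("CUSTMAS", "FCT", rsl=2),
       "PAYROLL": Resource("PAYROLL", "FCT", rsl=3)}

def run(userid: str, transid: str, filename: str) -> str:
    """Outcome of userid initiating transid and then accessing filename."""
    user, tran = SNT[userid], PCT[transid]
    if not can_initiate(user, tran):
        return "REJECTED"            # initiation refused: TRANSEC not in SCTYKEY
    return resource_access(user, tran, FCT[filename])
```

Note that TASK3 reaches PAYROLL even though the keys differ, because RSLC=NO switches the resource level check off for that transaction; only transactions defined with RSLC=YES are subject to it.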
Resource Access Control Facility (RACF)
Resource Access Control Facility or RACF provides the tools to help the installation manage access to critical resources.
Any security mechanism is only as good as the management control of the people who access the system. Access, in a computer-based environment, means the ability to do something with a computer resource (for example, use, change, or view something). Access control is the method by which this ability is explicitly enabled or restricted. It is the responsibility of the installation to see that the access controls that are implemented are working the way they are supposed to work, and that variances are reported to and acted on by management.
Computer-based access controls are called logical access controls. These are protection mechanisms that limit users' access to information to only what is appropriate for them. Logical access controls are often built into the operating system, or can be part of the logic of application programs or major utilities, such as database management systems. They may also be implemented in add-on security packages that are installed into an operating system; such packages are available for a variety of systems, including PCs and mainframes. Further, logical access controls might be present in specialized components that regulate communications between computers and networks.
To be effective, access control must allow management to adopt the principle of least possible privilege for those resources that are deemed to be highly sensitive. This principle says that access to these resources is controlled in such a way that permission to use them is restricted to just those people whose normal duties require their use. Any unusual use of the resource should be approved by an administrator or manager, as well as the owner of the resource.
Resource Access Control Facility or RACF provides the tools to manage user access to critical resources. RACF is an add-on software product that provides basic security for a mainframe system (examples of other security software packages include ACF2 and Top Secret, both from Computer Associates).
RACF protects resources by granting access only to authorized users of the protected resources. RACF retains information about users, resources, and access authorities in special structures called profiles in its database, and it refers to these profiles when deciding which users should be permitted access to protected system resources. To help your installation accomplish access control, RACF provides the ability to:
RACF uses a user ID and a system-encrypted password to perform its user identification and verification. The user ID identifies the person to the system as a RACF user. The password verifies the user's identity. Often exits are used to enforce a password policy such as a minimum length, lack of repeating characters or adjacent keyboard letters, and also the use of numerics as well as letters. Popular words such as "password" or the use of the user ID are often banned.
The other important policy is the frequency of password change. If a user ID has not been used for a long time, it may be revoked and special action is needed to use it again. When someone leaves a company, there should be a special procedure that ensures that the user IDs are deleted from the system.
RACF, with its lists of users and lists of resources, allows management to delegate the authority to the owners of these entities in such a way as to maintain the separation of duties while maintaining a flexible, responsive access control strategy.
The delegation mechanism in RACF and the easy, nontechnical commands that change the relationship of a user to a resource mean that adopting the principle of least possible privilege need not be burdensome nor inflexible when unusual circumstances dictate that access permission should be changed. When an unforeseen circumstance requires a change in access privilege, the change can be made by a nontechnical person with access to a TSO terminal, and management can be alerted to review the fact that the change was made.
Major subsystems such as CICS® and DB2® can use the facilities of RACF to protect transactions and files. Much of the work to configure RACF profiles for these subsystems is done by the CICS and DB2 system programmers. So, there is a need for people in these roles to have a useful understanding of RACF and how it relates to the software they manage.