EncartaLabs

CA ACF2 - Advanced Administration

( Duration: 2 Days )

The CA ACF2 - Advanced Administration training course will introduce additional features of CA ACF2 Security for z/OS (CA ACF2) that provide default protection for mainframe operating systems. Topics covered in class include maintaining infostorage records (such as scope, shift, profile and cross-reference) and defining the global system options, as well as working with the FDR, LIDREC DSECT and ACF commands and utilities.

By attending CA ACF2 - Advanced Administration workshop, Participants will learn on how to:

  • describe how CA ACF2 provides protection by default
  • describe the CA ACF2 control databases
  • describe and maintain the macros of the Field Definition Record (FDR) and LIDREC DSECT
  • describe and update the Global System Options (GSO)
  • maintain Infostorage Records, including cross-reference records, scope, shift, and profile records
  • use ACF commands, subcommands, and console commands

  • Understanding of data processing concepts and terminology
  • Experience with TSO/ISPF

  • Security Administrators
  • Systems Programmers
  • Security Auditors
  • Database Administrators

COURSE AGENDA

1

Overview

  • Data Security
  • System Entry Validation
  • Password Controls
  • Data and Resource Controls
  • Audit Concerns
  • Default Protection
  • Control Databases
  • Logon ID Database
  • User Identification (UID) String Concept
  • Access Rule Database
  • Infostorage Database
  • Infostorage Record Classes
  • Global System Options ( GSO) Records
  • ACFFDR
  • System Options
  • Security Modes
2

ACF Field Definition Record

  • About UID
  • UID Design Considerations
  • Creation Steps
  • @UID Macro
  • Logon ID Field Definition — @CFDE
  • Logon ID Field Definition — LIDREC DSECTS
  • Defining UID Fields
  • Defining UID DSECT
  • LIST Using the UID String
  • CHANGE Using the UID String
  • DELETE Using the UID String
  • ACFRPTSL — Selected Logon ID List
  • ACFFDR Record
  • CA-ACF2 Macros
  • Logon ID Considerations
  • Dataset Name Allocation
  • Create Supervisor Call — @CSVC Macro
  • System Management Facility
3

Describe Global System Options

  • GSO Records
  • Password Management
  • RESWORD Record
  • PWPHRASE Record
  • System Access Considerations
  • Auditing and Logging Controls
  • Miscellaneous Options
  • STC Access Considerations
  • STC Record
  • STC Record Examples
4

Maintain Global System Options

  • Rule Maintenance Options
  • Security Boundaries for DASD
  • Security Boundaries for Tape
  • Security Boundaries Example
  • CA-ACF2 User Exits
  • Resident Rules and Directories
  • TSO Record
  • Controlling TSO
  • Unix Security UNIXOPTS
  • Digital Certificates
  • CERTMAP
  • CRITMAP
  • CLASMAP Records
  • SAFDEF Records
  • Message During Warn Mode
  • Tape BLP
  • Programs to be Logged
  • Protected Program List
  • System Maintenance Programs
  • CA ACF2 Database Backup
  • Displaying System Options
  • GSO Subcommands (8 slides)
  • Primary ISPF Menu
  • CA ACF2 Option Selection Menu
  • Inserting a GSO Record
5

Cross Reference Record Types and Groupings

  • Cross-Reference Record Types
  • Cross-Reference Records
  • Source Groups
  • Using Source Groups
  • Source Group Commands
  • Using Source Groups
  • Resource Groups
  • Resource Groupings
  • Resource Grouping Utility
  • Resource Group Commands
  • Grouping Groups
  • Role Group Utility, Role Group Commands
  • Grouping Role Groups, Role $ROLESET
6

Shift, Zone and Scope Records

  • Shift Records
  • Shift Key Structure
  • Zone Records
  • Part Time Access
  • Shift Control of Resource Access
  • Shift Commands
  • Zone Commands
  • Scope List Principle, Scope List Key Structure, Scope List Key Example
  • Scope Lists, Scope List Purpose, Scope List Parameters
  • Scope Commands (SET SCOPE(SCP), INSERT…CHANGE …LIST …DELETE …)
  • CASECAUT Resource Class
  • ACFCMD.USER.* fields in CASECAUT class
7

Profile Records and Commands

  • Profile Record Types, Profile Records
  • General Profile Record Types
  • USER Profile Record Types
  • Profile Record Structure
  • USER Profile Commands
  • Seamless Profile Command Example
  • OMVS Profile Data Record, OMVS Show commands
  • Data Classification Option, DCO Record DATA
  • DCO Record commands, CERTDATA Digital Certificate
  • CERTDATA Commands, PTKTDATA Passtickets
  • ACFRPTEL
8

Commands and Utilities

  • Issue in Any CA ACF2 Command Setting
  • HELP Output — Sample for LIST
  • O/S Operator Commands
  • O/S Operator Modify Commands
  • ACFRPTPP
  • ACFRPTNV Environment Log
  • ACFRPTNV

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top