If you are enrolling in a Self Paced Virtual Classroom or Web Based Training course, before you enroll, please review the Self-Paced Virtual Classes and Web-Based Training Classes on our Terms and Conditions page, as well as the system requirements, to ensure that your system meets the minimum requirements for this course.

http://www.ibm.com/training/terms

Learn how to administer the z/OS Security Server Resource Access Control Facility (RACF). Get an introduction to the z/OS environment, Time Sharing Option (TSO) and Interactive System Productivity Facility / Program Development Facility (ISPF/PDF), batch processing, and z/OS data sets. Gain experience with z/OS by viewing, and allocating datasets, submitting a batch job, and viewing job output. Learn how to use basic RACF command parameters, and panels, to define users and groups, protect general resources, z/OS data sets, and choose a basic set of RACF options.

Course Materials

The course materials cover z/OS Security Server RACF.

Hands-On Labs

Nine labs are included to address logging on to the z/OS system, working with z/OS data sets, submitting batch jobs to z/OS, using System Display and Search Facility (SDSF) to view jobs in the system, defining a RACF group structure, RACF user administration, delegating security administration, protecting z/OS data sets, and using RACF for TSO administration.

Hands-on lab projects may be done in teams depending on the number of attendees and location.

There is also an instructor-led online version of this course: Basics of z/OS RACF Administration - ILO (EZ191)

Training Path

This course is part of an IBM Training Path. Taking this course in the recommended sequence allows you to maximize the benefits from your education.

http://www.ibm.com/services/learning/ites.wss/us/en?pageType=page&contentID=a0000627

• Understand the basic features and concepts of zSeries architecture and of the z/OS operating system as they relate to security administration
• Describe the allocation process for data sets in the z/OS environment
• Understand how programs access data sets and how RACF security interacts in that process
• Identify the security requirements of an z/OS system
• Use basic facilities and features of RACF
• Define new users and groups to RACF
• Use RACF to protect z/OS data sets and general resources
• Select a base set of options to tailor RACF

This is a basic course for individuals who are new to z/OS and the z/OS Security Server RACF and who administration security using the RACF element of the z/OS Security Server.

Experienced z/OS users should take:

• Effective RACF Administration (BE87)

Some familiarity with z/OS system facilities is beneficial. Background material needed to proceed is presented the first day.

Review of z/Architecture and z/OS

• describe z/Architecture
• provide an overview of z/OS and its components
• explain the concept of virtual storage and its exploitation in z/OS
• list the different kinds of data sets and discuss their management in z/OS
• name the main end-user interfaces of z/OS

An introduction to ISPF and ISPF/PDF

• name and describe the components of ISPF
• log on to the lab system of this class
• log off from the lab system of this class
• start ISPF/PDF
• provide an overview of the structure of ISPF/PDF panels
• alter the ISPF/PDF settings
• use ISPF/PDF to view a data set

An introduction to data sets

• describe data management concepts
• explain the data set allocation process
• describe the catalog structure
• explain how data sets are defined and used
• allocate a new data set
• edit a data set using ISPF/PDF
• delete a data set
• use ISPF/PDF data set list

Batch processing

• name and explain the Job Entry Subsystem 2 (JES2) job processing phases
• describe the general layout of a job
• list and describe the components of a Job Control Language (JCL) statement
• submit a batch job to z/OS
• use ISPF 3.8 and SDSF to handle the job output

Security and RACF overview

• explain the role RACF plays in data security
• list the four major functions of RACF
• explain how RACF allows or denies a user access to a resource, given a diagram of RACF's resource authorization checking process
• define the terms Universal Access Authority (UACC), access list, user profile, and resource profile
• describe the role of the security administrator and the auditor
• explain the features of RRSF

Administering groups and users

• describe the group structure in RACF
• create a group structure by defining appropriate RACF group profiles
• define new users to RACF
• implement a centralized or decentralized administrative structure

Protecting z/OS data sets

• state the differences between generic and discrete data set profiles
• explain the process RACF uses to grant or deny user access to a data set
• use the RACF commands or panels to define data set profiles

Introduction to general resources

• describe the concepts of general resources
• add a Time Sharing Option (TSO) user to RACF
• add a UNIX System Service user to RACF
• set up a user help desk function

RACF options

• understand the impact that RACF options have on an installation
• identify those options that require special planning before activation
• identify a basic set of options appropriate for an installation

Other administrative facilities and features

• describe the use of the global access table
• describe the purpose of the started procedure table
• define a protected user
• explain the use of the restricted user attribute
• use the RACF database unload utility to document your RACF system
• describe how to map a digital certificate to a RACF userid

Prior to enrolling, IBM Employees must follow their Division/Department processes to obtain approval to attend this public training class. Failure to follow Division/Department approval processes may result in the IBM Employee being personally responsible for the class charges.  

GBS practitioners that use the EViTA system for requesting external training should use that same process for this course.  Go to the EViTA site to start this process: https://b25acidbw07.con.can.ibm.com/BCS/BCSVTEnrl.nsf/Billing%20Info?OpenPage

Once you enroll in a GTP class, you will receive a confirmation letter that should show:

• The current GTP list price
• The 20% discounted price available to IBMers. This is the price you will be invoiced for the class.