RACF MANAGER’S OPERATING STANDARDS AND PROCEDURES
Texas Workforce Commission
Data Processing Department
TWC RACF Training
Training for RACF Managers and
Backups
Presented by the Data Processing Department
of the Texas Workforce Commission
Please track this presentation on your “Slides
for TWC RACF Training” Printout
RACF Managers and Backups are
Security Guardians
• Protect Information resources from unauthorized disclosure,
modification, and destruction
• Careful and consistent User Account Administration by RACF
Managers/Backups
– Management of accounts is a key component in the protection of
data, its confidentiality and integrity
– Assures proper RACF access controls and RACF maintenance
– Facilitates local access and accountability for TWC resource systems
use
Introduction
• The following brief narrative will describe the
basic concepts that drive the RACF system.
It is not necessary that you understand how
the RACF system works to maintain the
RACF system locally, but a cursory
understanding will help you to appreciate
what happens internally when you perform
some RACF activity.
Basic RACF Concepts
• RACF (Resource Access Control Facility) allows the agency to
define users who can access protected resources and relates
how users can access the protected resources.
• When a user is defined to the system, RACF builds and stores
a user profile in the RACF data set. The profile contains a
description of the user for RACF including name, user ID,
owner, and other user characteristics. The local Information
Security manager who defines a new user to RACF becomes
the “owner” of the new user. An owner has the capability to
modify, list and delete the user’s responsibilities and work
assignment.
RACF Group Managers Panel
• To define users to RACF, a unique panel has been developed.
This panel is called the Group Managers Panel because it is
used by local Information Security managers to add, modify and
delete users. (Note: Groups and Resources are defined to
RACF by the RACF Administration unit).
• An Information Security Manager has a special user code that
allows him or her to access the RACF Group Managers Panel
and perform certain RACF authorized activities, such as
adding, updating, or deleting a user.
RACF Group Managers Panel
• The RACF Group Managers panel is on the
Time-Share Option (TSO) system. The
manager is authorized to use the TSO
system for RACF Manager panel activities
only.
The manager signs on by typing “TSO” on the
system request panel
After entering this, the system will request the Information Security
manager’s user ID (IKJ56700A ENTER USERID). This user ID will be
provided by the RACF Administration unit.
When the manager enters his user ID (Mnnnn), the TSO/E LOG-ON
screen will appear. The manager now enters his or her password
(6 to 8 alphanumeric characters).
After entering the password and pressing ENTER, the manager will receive
log-on data and any current messages addressed to his TSO user ID. When three
asterisks (***) appear on the last line, log-on to TSO is complete, and the
manager need only depress the ENTER key to receive the RACF Managers
Menu.
RACF Manager’s Menu
RACF Group Managers Panel
• If the Information Security Manager or Backup revokes their
management ID or forgets their password, they will have to
contact the RACF Administration Unit for assistance. Only the
RACF Administration Unit can unrevoke or issue a new
temporary password for an Information Security Manager or
Backup.
• Once the manager or backup has completed sign-on and is
on the RACF system, they may now perform the actions
required, or if in doubt, they can enter HELP on the COMMAND
LINE or depress the F1 key for HELP. The HELP command
will produce the RACF TUTORIAL, step-by-step instructions on
how to use the manager’s panel.
RACF Tutorial Menu
Group Manager’s Practice Panels
• A practice panel has been established for Information Security
Managers to use to sharpen their skills or gain experience without the
fear of “messing things up”. This panel is a close replica of the actual
panel an Information Security Manager will use. The panel will permit
the manager or backup to perform any of the functions he or she may
be required to perform on the actual office panel. The practice panel
will reset itself to its original condition when the manager or backup
signs off. Any changes made to the panel, whether correct or
incorrect, will be erased when the END (F3) key is depressed.
• To access the manager’s practice panel the user can use a practice
manager’s ID. The practice IDs used are M9991, M9992, M9993,
M9994 or M9995. All manager practice passwords are TWC12345.
Signing on to TSO as M9991 with the password of TWC12345 will
access the manager’s practice panel. The manager’s practice panel
may be more instructive if used in conjunction with this manual.
Manager’s Panel Sections
• The Information Security Manager’s Panel is
made up of four parts: the COMMAND LINE,
the USER WORK AREA, the GROUP WORK
AREA, and the TABLE OF USERS
The COMMAND LINE communicates instructions to the RACF
system.
Manager’s Panel Sections
• Between the COMMAND LINE and the USER
WORK AREA is a line of function keys (and an
explanation of that function) that will assist the
manager in performing certain actions. A complete
listing of all function keys can be obtained by typing
“KEYS” on the command line and pressing the
ENTER key.
• Below the Function key line is a heading line
describing the items appearing in the USER WORK
AREA.
The USER WORK AREA displays individual users on
command.
The GROUP WORK AREA lists the access groups the manager may
assign to his users.
The TABLE OF USERS lists the users in the office who have
been defined to RACF.
Command Line
Manager’s Panel Sections
• The COMMAND LINE is where the manager can
communicate instructions to the RACF system,
indicating what may be done. The command line is
indicated by the following characters.
    COMMAND ===>
• All commands can be entered on this line. Some
commands have a Function (F) key assigned to
them. Pressing the Function (F) key is the same as
entering that command on the COMMAND LINE.
Below the COMMAND LINE is the line of available F
keys.
Primary Commands
Command/F Key   Abbreviation   Function
ADD             A              The information in the work area is used to create a new user.
CLEAR           C              Clear the work area.
DELETE          D              Delete user specified in the work area.
END/F3          END            Go back one level.
GET             G XXX          Fill in the work area with user XXX.
HELP/F1         HELP           Request information.
KEYS            KEYS           Display F key meanings.
POINT           P X            Display line with primary sort field greater than or equal to X.
                               The default for X is "A".
UPDATE          U              Update user specified in the work area.
Secondary Commands
Command/F Key   Abbreviation   Function
LEFT #/F10      L #            Move group area in table area left # number of columns.
                               The default for # is one.
RIGHT #/F11     R #            Move group area in table area right # number of columns.
                               The default for # is one.
BACKWARD #/F5   B #            Go back # number lines in the group work area.
                               The default for # is one.
FORWARD #/F6    F #            Advance # number lines in the group work area.
                               The default for # is one.
SELECT #        S #            1. Select and display users who have group characters equal
                                  to Y as specified in the command line parameter #.
                                  # can be up to 6 group numbers.
                                  EXAMPLE: S 4,7,8
                               2. Specify (Y or N).
                                  EXAMPLE: S N,4,11,Y,5,9
                               Plus selection criteria specified in group work area.
MEANING #       M #            Display up to six meaning panels.
                               EXAMPLE: M 2,6,8
To the right of the COMMAND LINE is the SCROLL command, which
is highlighted on the screen below.
• The space after the arrow is the SCROLL
amount entry field. This parameter indicates
how many lines of users are advanced in the
TABLE of USERS when the UP and DOWN
commands or the F7 and F8 keys are used.
The scroll amount area is indicated by: SCROLL ===> PAGE
The default as noted is PAGE. The acceptable entries in this field and their
meanings are listed below.
Command       Description
MAX           Scroll to the top or bottom
PAGE          Scroll the number of lines displayed
HALF          Scroll half of the page
CSR           Scroll to the line where the cursor is displayed
DATA          Scroll a page minus one.
1 thru 9999   Scroll this many lines
The USER WORK AREA is the two lines directly below the F key line.
A duplication of the USER WORK AREA appears below:
The top line of the USER WORK AREA identifies the entry fields in the line
below for all categories except the TAG. No additional area is needed for
the TAG.
Workspace Field   Instruction
Password          Only appears when entered by the Manager during an ADD or UPDATE.
UID               Three character user identification. First character must be an
                  alphabetic character.
SSN               Nine digit Social Security number of the user.
NAME              Twenty character user name, last name first, first name and
                  middle initial.
GROUP             Local office or department. Usually Lnnnn (where nnnn is the
                  local office or department number).
TSO ACCT          Nine character number for accounting purposes, assigned by the
                  RACF Administration Unit.
TAG               Character placed on the left of the USER in the TABLE OF USER
                  AREA to identify specific users.
Before each identifier (UID, SSN, Name, etc) there is an entry field that can be
set to:
Y   Display this field as one of the fields in the TABLE OF USERS.
N   Do not display this field.
S   Display the TABLE OF USERS entries in ascending sequence by this field.
    (i.e., S in front of SSN will arrange the list of users in ascending
    SSN order.)
P   Display the TABLE OF USERS entries in ascending sequence by this field.
    (i.e., P in front of NAME will arrange the list of users in alphabetic
    order by name). The P can be used as the primary sort in conjunction
    with the S as a secondary sort.
Group Work Area
The GROUP WORK AREA contains a list of the access groups (authority
codes) into which the manager may put users. Membership in an
access group gives the user the authority to perform certain functions.
An example of a group area appears below:
__01-REVOKED __02-GROUPA __03-GROUPB __04-GROUPC
__05-GROUPD __06-GROUPE __07-GROUPF
Associated with each access group name is a one-character
entry field represented by __ and a group number. The group
number identifies the group with a column in the TABLE OF
USERS. When a user is in the USER WORK AREA and he is
in a group, the character “Y” (yes) appears in the column; if a
user is not in a group, it is empty ( __ ).
These groups are delegated to a manager by the RACF
Administration Unit as directed by the owner of the functions. A
full explanation of the access groups and what functions they
authorize a user to perform can be obtained by entering a “M”
in the entry field next to any group in the GROUP WORK
AREA. The initially delegated groups should include all the
office’s present needs. Additional groups will be delegated to
the manager as the need develops or groups may be requested
from RACF Administration with justification in writing. (See
HOW TO GET ADDITIONAL ACCESS GROUPS.)
Table of Users
• The TABLE OF USERS lists the operators assigned to each
office, one operator per line. Each line (by default) contains the
user id (UID), name and group membership field. The fields
can be selectively displayed, and the table can be sorted by
any of the user fields (see USER WORK AREA). Each Y in a
column of a user line indicates membership in an access group.
Each column has a group number as a heading and each group
number is identified with an access group in the GROUP
WORK AREA.
• If the list of users is longer than the screen
will accommodate, the additional users in the
list can be viewed by using the UP and
DOWN commands or the F7 and F8 keys
(see SCROLLING under PRIMARY
COMMANDS).
Adding a User to RACF
• A user can be added to the TABLE OF
USERS in the following manner:
• CAUTION: Be sure to clear the WORK
AREA before adding a user. This can be
done by typing a “C” on the COMMAND line
and pressing enter.
Work Space        Instruction
COMMAND LINE      Type “A” or “ADD” after the Command =>
USER WORK AREA    Move the cursor to the entry field below the PASSWORD in the
                  USER WORK AREA and type the user’s temporary password. The
                  password must be unique and 6 to 8 alphanumeric characters
                  long. This temporary password will be used only for initial
                  sign on. The user will be required to supply a personal
                  password good for 60 days on initial sign on.

                  Type the three-character user identification under the UID in
                  the USER WORK AREA. The first character must be an alphabetic
                  character. If the user ID is already in use, RACF will notify
                  the manager with the message “xxx ALREADY EXISTS” in the upper
                  right hand corner of the screen when the data is entered. The
                  manager must select another UID until he is successful.

                  NOTE: After receiving message “UID already exists” press F1 to
                  obtain up to four UID alternatives created by RACF. If you do
                  not wish to use one of the created UIDs, just enter a new
                  option and press “ENTER” again.

                  Type the nine-digit Social Security number in the space under
                  SSN.

                  Type the user’s name, last name first, in the space below
                  NAME. The name can be up to 20 characters long.
                  (e.g. Greene, William P.)

                  NOTE: The name field will not accept an apostrophe. For names
                  such as O’Conner or O’Brien, omit the apostrophe and enter the
                  name as OConner and OBrien.
GROUP WORK AREA   Type a “Y” (yes) in the entry field to the left of every
                  access group where membership is desired. If an office has
                  more than 35 access groups, the FORWARD (F) and BACKWARD (B)
                  Commands, or the F5 and F6 keys can be used. (See Secondary
                  Commands)

NOTE: The cursor can be returned to the COMMAND LINE by depressing the
HOME key.
Updating a RACF User
Workspace         Instruction
COMMAND LINE      Type “G xxx” or “GET xxx” after COMMAND ===>, where xxx is the
                  User ID of the user to be changed. Press ENTER. The user xxx
                  will be placed in the USER WORK AREA. Type “U” or “Update”
                  after COMMAND ===>.
USER WORK AREA    Overtype any changes to be made to the user fields: PASSWORD,
                  SSN or NAME.
GROUP WORK AREA   Type a “Y” (yes) in the entry field to the left of every
                  access group where membership is desired. Space out any “Y”
                  where membership is to be removed.
                  Check your work and then press ENTER. If successful, RACF will
                  print the message “USER xxx UPDATED” in the upper right hand
                  corner of the panel.
NOTE: An Information Security manager cannot change his/her own or the
Backup manager’s user profile. Only the RACF Administration Unit can
update management profiles. If assistance is needed to unrevoke a
manager’s ID or obtain a temporary password, the RACF Administration
Unit should be contacted.
Updating Multiple RACF Users
• Updating multiple RACF users
simultaneously can be done by using the
“TAG” function. The TAG function is helpful
when an office has a large number of RACF
users that need to be updated.
• Contact the RACF Administration Unit for more
information on using the TAG function.
Revoking/Un-revoking a RACF User
Workspace         Instruction
COMMAND LINE      Type “G xxx” or “Get xxx” after COMMAND ===> where xxx is the
                  user ID of the user to be changed. Press ENTER. The user xxx
                  will be placed in the USER WORK AREA.
                  Type “U” or “Update” after COMMAND ===>
GROUP WORK AREA   Type a “Y” (yes) in the entry field to the left of 01-REVOKE
                  group when a user is to be denied logon access. Space over the
                  “Y” if the user is to be unrevoked (user access to logon
                  restored). Check your work and then press ENTER. If
                  successful, RACF will print the message “USER xxx UPDATED” in
                  the upper right corner of the panel.
NOTE: When un-revoking a user, the manager should also determine if the User needs a new temporary
password.
Deleting a RACF User
Workspace         Instruction
COMMAND LINE      Type “G xxx” or “GET xxx” after the COMMAND ===> where xxx is
                  the user ID of the user to be deleted. Press ENTER. The user
                  xxx will be placed in the USER WORK AREA. Check that the user
                  is the correct one.
                  Type “D” or “Delete” after Command ===>, then press ENTER. If
                  successful, RACF will print the message “USER xxx Deleted” in
                  the upper right corner of the panel.
Transferring a User
If a user is being transferred to another TWC office, the UID can be transferred
by the RACF Administration Unit without the user losing their password. The
request can come from either the receiving or losing Local Security Manager.
The request should be sent to the RACF Administration Unit and must contain
the name and UID of the user being transferred along with the name of the
receiving and losing offices. The user will be transferred to the new RACF
group with all access deleted except the basic sign-on and inquiry (AC01 &
AC02). The managers will be notified when the transfer is complete and the
new manager will be advised to provide the user with the appropriate access
for the new job assignment.
Access Groups and What They Mean
• It is the manager's responsibility to understand the job assignment of
the user and what access code(s) is needed for that job. If the
manager is unsure of the user’s job assignment, the manager should
check with the user’s Supervisor. The user's access should be limited
to only the access codes needed to do the job assigned.
• To access the meanings of access codes, the manager signs on to the
Information Security Managers Panel. By placing an "M" in the entry
field of the access group for which he/she desires the meaning and
then depressing the ENTER key, a list of the transactions will appear.
Returning to the manager's panel can be accomplished by using the
F3 key.
How to get Additional Access Groups
From time to time, when additional functions are developed,
the program department that is responsible for that function will
request that the RACF Administration Unit assign an access
group. The department will inform potential users how to
access the new function. Information Security Managers will be
notified of the new access group if it is to be assigned to users
in their office. If an Information Security Manager believes that
his /her office should have an access group that it currently
does not have, he/she should make this request in writing to the
RACF Administration Unit.
Office Openings and Closings
When a TWC Office, WDA Office, State Office Department
or other major organizational entity using TWC computer
services is opened or closed or an organizational change
is contemplated, the RACF Administration Unit should be
notified in writing. The user id's for the manager and the
backup will be created or deleted as needed. This will
prevent the disruption of computer services. The
necessary authority codes will also be granted at this time.
RACF ACTIVITY REPORTS
• Function 4 on the RACF MANAGERS MENU is the
'BROWSE RACF REPORTS FOR GROUPS' function. The
RACF report documents when a user attempts sign-on with
an incorrect password, accesses an unauthorized function
or attempts to modify resources without proper authority.
This function allows the local security manager to look at
the RACF activity for the previous seven days.
• Ideally, the manager should look at the reports daily, but
when time does not permit daily review, the manager
should browse the reports at least weekly.
Accessing the RACF Reports
Access to the Reports function is on the
RACF Managers Menu. The local security
manager enters the number ‘4’ after SELECT
OPTION ===> and depresses the ENTER
key. The secondary screen displays a list of
reports for the previous seven days. If there
is no user activity for the group on a
particular date, the report will not be
generated.
To view a report, position the cursor and type an ‘S’ in front of the
report which represents the day desired. The last number of the
report (1-7) represents the day of the report. (Day 1 is the previous
day’s report.)
Headings on the RACF Report.
The RACF Report is too wide to fit on the
screen so it is viewed as two halves. The left
half identifies the circumstances surrounding
the event and the right half discusses the
event. You can move between the left and
right halves by toggling the F10 (left) and
F11 (right) keys.
RACF Report LISTING OF PROCESS RECORDS
VIOLATIONS (LEFT SIDE)
RACF Report LISTING OF PROCESS RECORDS
VIOLATIONS (RIGHT SIDE)
What the RACF Reports Mean
The RACF reports collect information on system sign on and access events.
Although there are numerous events that could cause a report to be produced,
there are basically seven events for which a local Information Security
Manager should be aware. All involve either sign on or access violations. The
following events should be noted:
EVENT   QUAL   DESCRIPTION
1       1      The user has attempted to sign on with an invalid password.
1       6      The user attempted to sign on with a revoked user ID.
1       7      The user's ID is automatically revoked.
1       25     The user's current password has expired.
1       26     The user has selected an invalid new password.
2       1      The user has insufficient authority to access the resource
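The event/qualifier pairs above lend themselves to a repeatable review of the seven daily reports. The following is an added example, not part of the original TWC material: the record layout (date, time, user ID, event, qualifier), the sample records, the severity labels and the threshold of three invalid passwords are all assumptions, since the real report columns are not reproduced on this page.

```python
"""Triage RACF violation records by event/qualifier (added example)."""
from collections import Counter, defaultdict

# Event/qualifier meanings exactly as listed in the training material.
EVENT_MEANINGS = {
    (1, 1): "invalid password at sign-on",
    (1, 6): "sign-on attempted with a revoked user ID",
    (1, 7): "user ID automatically revoked",
    (1, 25): "current password expired",
    (1, 26): "invalid new password selected",
    (2, 1): "insufficient authority to access the resource",
}

# Constructed sample records. Assumed layout: date time user-id event qualifier
SAMPLE_REPORT = """\
2024-03-04 08:01:12 ABC 1 1
2024-03-04 08:01:40 ABC 1 1
2024-03-04 08:02:05 ABC 1 1
2024-03-04 08:02:06 ABC 1 7
2024-03-04 08:15:33 ABC 1 6
2024-03-04 09:12:00 DEF 1 25
2024-03-04 09:12:20 DEF 1 26
2024-03-04 10:45:10 GHJ 2 1
2024-03-04 10:45:55 GHJ 2 1
2024-03-04 11:00:00 KLM 9 3
this line is malformed
"""

BAD_PASSWORD_THRESHOLD = 3  # assumption: a local review threshold, not from the page


def parse_report(text):
    """Return (records, rejected_lines); malformed lines are kept for follow-up."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            rejected.append(line)
            continue
        day, clock, uid, event, qual = parts
        records.append({"date": day, "time": clock, "uid": uid.upper(),
                        "code": (int(event), int(qual))})
    return records, rejected


def triage(records, threshold=BAD_PASSWORD_THRESHOLD):
    """Group events per user and return (findings, unknown_records).

    A finding is a (uid, severity, reason) tuple. Severity labels are this
    example's own ranking, not RACF output.
    """
    per_user = defaultdict(Counter)
    unknown = []
    for rec in records:
        if rec["code"] in EVENT_MEANINGS:
            per_user[rec["uid"]][rec["code"]] += 1
        else:
            unknown.append(rec)  # event not among those the manual lists

    findings = []
    for uid in sorted(per_user):
        seen = per_user[uid]
        if seen[(1, 7)]:
            findings.append((uid, "HIGH",
                             "ID was automatically revoked; verify with the user before un-revoking"))
        if seen[(1, 6)]:
            findings.append((uid, "HIGH",
                             f"{seen[(1, 6)]} sign-on attempt(s) on a revoked ID"))
        # Repeated bad passwords that did not (yet) end in an automatic revoke.
        if seen[(1, 1)] >= threshold and not seen[(1, 7)]:
            findings.append((uid, "MEDIUM",
                             f"{seen[(1, 1)]} invalid password attempts"))
        if seen[(2, 1)]:
            findings.append((uid, "MEDIUM",
                             f"{seen[(2, 1)]} access attempt(s) without authority; "
                             "compare with the user's job assignment"))
        if seen[(1, 25)] or seen[(1, 26)]:
            findings.append((uid, "LOW", "password expiry or rejected new password"))
    return findings, unknown


if __name__ == "__main__":
    recs, bad = parse_report(SAMPLE_REPORT)
    found, other = triage(recs)
    for uid, severity, reason in found:
        print(f"{severity:6} {uid}  {reason}")
    print(f"{len(other)} record(s) with unlisted event codes, {len(bad)} unparsable line(s)")
```
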
Monthly RACF Inactivity Reports
• Information Security Managers receive monthly RACF reports of TWC
mainframe RACF IDs for their office/area that show IDs which have
not been used in 90 and 180 days. Employee IDs on the 180-day
report have been automatically deleted. If offices have any employees
on extended leave whose IDs should not be deleted, please contact
RACF Administration.
• Information Security Managers should review the 90-day lists to
determine if any IDs need to be deleted. User IDs that have not been
used recently merit investigation to determine if they should be
deleted. To help isolate IDs for investigation, the report includes:
whether the ID is revoked and the last access date.
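A manager can apply the same 90-day and 180-day thresholds to the office's own user list between reports. This added example is not part of the original TWC material: the CSV layout, the sample rows, the `extended_leave` column, the action labels and the 31-day report cycle are assumptions made for illustration.

```python
"""Apply the 90/180-day inactivity rules to a local user list (added example)."""
import csv
import io
from datetime import date

REVIEW_DAYS = 90        # from the page: IDs unused for 90 days are listed for review
DELETE_DAYS = 180       # from the page: IDs on the 180-day report are deleted automatically
REPORT_CYCLE_DAYS = 31  # assumption: one monthly report cycle

# Constructed sample data; names follow the panel rule of omitting apostrophes.
SAMPLE_USERS = """\
uid,name,last_access,revoked,extended_leave
ABC,"GREENE, WILLIAM P",2024-05-20,N,N
DEF,"OCONNER, MARY",2024-02-10,N,N
GHJ,"SMITH, JOHN A",2024-01-05,Y,N
KLM,"JONES, ANN B",2023-12-20,N,Y
NPR,"BROWN, LEE C",2023-11-01,N,N
"""


def classify(row, as_of):
    """Return (idle_days, action) for one user row."""
    idle = (as_of - date.fromisoformat(row["last_access"])).days
    revoked = row["revoked"].strip().upper() == "Y"
    on_leave = row["extended_leave"].strip().upper() == "Y"

    if idle >= DELETE_DAYS:
        # Already past the automatic deletion threshold.
        return idle, "ON_180_DAY_REPORT"
    if idle < REVIEW_DAYS:
        return idle, "ACTIVE"
    if on_leave:
        # An ID on extended leave that will cross 180 days before the next
        # report needs RACF Administration to be told now.
        if idle + REPORT_CYCLE_DAYS >= DELETE_DAYS:
            return idle, "CONTACT_RACF_ADMIN"
        return idle, "ON_LEAVE_MONITOR"
    # Revoked and idle: the strongest signal that the ID is no longer needed.
    return idle, "DELETE_CANDIDATE" if revoked else "INVESTIGATE"


def review(csv_text, as_of):
    """Return {uid: (idle_days, action)} for every row in the CSV text."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        result[row["uid"]] = classify(row, as_of)
    return result


if __name__ == "__main__":
    for uid, (idle, action) in review(SAMPLE_USERS, date(2024, 6, 1)).items():
        print(f"{uid}  idle {idle:3d} days  {action}")
```
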
RACF IDs not in CHAPS Report
• Information Security Managers may also receive an additional report
that lists RACF IDs which do not correspond with employees in the
TWC PeopleSoft Human Resources personnel file. This list is a result
of a social security number crossmatch. You may find that the ID is
current, but the SSN is incorrect in RACF. If this is the case, the
Security Manager will want to correct the SSN in RACF to prevent the
ID from appearing on future reports.
• Information Security Managers should keep their RACF table of users
current.
Information Resources Usage Agreement
(IRUA also known as the “P-41”)
• Signed declaration of user’s understanding, acknowledgement,
and endorsement
• Required to protect the integrity of information resources on
TWC systems
– All users must sign the TWC Information Resources Usage
Agreement (IRUA or P-41) before access is given to an account
– Users of TWC systems must have a signed TWC IRUA/P-41 on
file and such agreement shall be reaffirmed annually
Log All Work as RACF Manager
• Record and Date (in Word or Excel)
• New Users
– Log the new user id and requestor
• Modifications
– Resets
– Changes to access privileges (such as additions,
deletions)
• Deletions
– Log the user id and requestor
RACF Manager and Backup Responsibilities
• Ensure consistent controls for TWC’s
information resources
• Decrease potential risks associated with
information technology
Documentation and Support
• Retain the class handout as your RACF manual.
• If you have questions, contact
racf.administration@twc.state.tx.us
[“RACF Administration” in the global.]
• If you have access to TWC’s Intranet
– Link via “Manuals” menu, Data Processing, Manuals
– Link through the url:
http://intra.twc.state.tx.us/intranet/its/html/iris_racf_ops.html
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
 
Business update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMIBusiness update Q1 2024 Lar España Real Estate SOCIMI
Business update Q1 2024 Lar España Real Estate SOCIMI
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
 
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
 
tapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive datatapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive data
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
 
一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
 

RACF Managers Operating Standards_Procedures.ppt

  • 1. RACF MANAGER’S OPERATING STANDARDS AND PROCEDURES Texas Workforce Commission Data Processing Department
  • 2. TWC RACF Training 2 Training for RACF Managers and Backups Presented by the Data Processing Department of the Texas Workforce Commission Please track this presentation on your “Slides for TWC RACF Training” Printout
  • 3. TWC RACF Training 3 RACF Managers and Backups are Security Guardians
      - Protect Information resources from unauthorized disclosure, modification, and destruction
      - Careful and consistent User Account Administration by RACF Managers/Backups
          – Management of accounts is a key component in the protection of data, its confidentiality and integrity
          – Assures proper RACF access controls and RACF maintenance
          – Facilitates local access and accountability for TWC resource systems use
  • 4. TWC RACF Training 4 Introduction
      - The following brief narrative will describe the basic concepts that drive the RACF system. It is not necessary that you understand how the RACF system works to maintain the RACF system locally, but a cursory understanding will help you to appreciate what happens internally when you perform some RACF activity.
  • 5. TWC RACF Training 5 Basic RACF Concepts
      - RACF (Resource Access Control Facility) allows the agency to define users who can access protected resources and relates how users can access the protected resources.
      - When a user is defined to the system, RACF builds and stores a user profile in the RACF data set. The profile contains a description of the user for RACF including name, user ID, owner, and other user characteristics. The local Information Security manager who defines a new user to RACF becomes the “owner” of the new user. An owner has the capability to modify, list and delete the user’s responsibilities and work assignment.
  • 6. TWC RACF Training 6 RACF Group Managers Panel
      - To define users to RACF, a unique panel has been developed. This panel is called the Group Managers Panel because it is used by local Information Security managers to add, modify and delete users. (Note: Groups and Resources are defined to RACF by the RACF Administration unit).
      - An Information Security Manager has a special user code that allows him or her to access the RACF Group Managers Panel and perform certain RACF authorized activities, such as adding, updating, or deleting a user.
  • 7. TWC RACF Training 7 RACF Group Managers Panel
      - The RACF Group Managers panel is on the Time-Share Option (TSO) system. The manager is authorized to use the TSO system for RACF Manager panel activities only.
  • 8. TWC RACF Training 8 The manager signs on by typing “TSO” on the system request panel
  • 9. TWC RACF Training 9 After entering this, the system will request the Information Security manager’s user ID (IKJ56700A ENTER USERID). This user ID will be provided by the RACF Administration unit.
  • 10. TWC RACF Training 10 When the manager enters his user ID (Mnnnn), the TSO/E LOG-ON screen will appear. The manager now enters his or her password (6 to 8 alphanumeric characters).
  • 11. TWC RACF Training 11 After entering the password and pressing enter, the manager will receive log-on data and any current messages addressed to his TSO user ID. When three asterisks (***) appear on the last line, log-on to TSO is complete, and the manager need only to depress the ENTER key to receive the RACF Managers Menu.
  • 12. TWC RACF Training 12 RACF Manager’s Menu
  • 13. TWC RACF Training 13 RACF Group Managers Panel
      - If the Information Security Manager or Backup revokes their management ID or forgets their password, they will have to contact the RACF Administration Unit for assistance. Only the RACF Administration Unit can unrevoke or issue a new temporary password for an Information Security Manager or Backup.
      - Once the manager or backup have completed sign-on and are on the RACF system, they may now perform the actions required, or if in doubt, they can enter HELP on the COMMAND LINE or depress the F1 key for HELP. The HELP command will produce the RACF TUTORIAL, step-by-step instructions on how to use the manager’s panel.
  • 14. TWC RACF Training 14 RACF Tutorial Menu
  • 15. TWC RACF Training 15 Group Manager’s Practice Panels
      - A practice panel has been established for Information Security Managers to use to sharpen their skills or gain experience without the fear of “messing things up”. This panel is a close replica of the actual panel an Information Security Manager will use. The panel will permit the manager or backup to perform any of the functions he or she may be required to perform on the actual office panel. The practice panel will reset itself to its original condition when the manager or backup signs off. Any changes made to the panel, whether correct or incorrect, will be erased when the END (F3) key is depressed.
      - To access the manager’s practice panel the user can use a practice manager’s ID. The practice IDs used are M9991, M9992, M9993, M9994 or M9995. All manager practice passwords are TWC12345. Signing on to TSO as M9991 with the password of TWC12345 will access the manager’s practice panel. The manager’s practice panel may be more instructive if used in conjunction with this manual.
  • 16. TWC RACF Training 16 Manager’s Panel Sections
      - The Information Security Manager’s Panel is made up of four parts: the COMMAND LINE, the USER WORK AREA, the GROUP WORK AREA, and the TABLE OF USERS
  • 17. TWC RACF Training 17 The COMMAND LINE communicates instructions to the RACF system.
  • 18. TWC RACF Training 18 Manager’s Panel Sections
      - Between the COMMAND LINE and the USER WORK AREA is a line of function keys (and an explanation of that function) that will assist the manager in performing certain actions. A complete listing of all function keys can be obtained by typing “KEYS” on the command line and pressing the ENTER key.
      - Below the Function key line is a heading line describing the items appearing in the USER WORK AREA.
  • 19. TWC RACF Training 19 The USER WORK AREA displays individual users on command.
  • 20. TWC RACF Training 20 The GROUP WORK AREA lists the access groups the manager may assign to his users.
  • 21. TWC RACF Training 21 The TABLE OF USERS lists the users in the office who have been defined to RACF.
  • 23. TWC RACF Training 23 Manager’s Panel Sections
      - The COMMAND LINE is where the manager can communicate instructions to the RACF system, indicating what may be done. The command line is indicated by the following characters.
      - COMMAND ===>
      - All commands can be entered on this line. Some commands have a Function (F) key assigned to them. Pressing the Function (F) key is the same as entering that command on the COMMAND LINE. Below the COMMAND LINE is the line of available F keys.
  • 24. TWC RACF Training 24 Primary Commands
      Command/F Key | Abbreviation | Function
      ADD | A | The information in the work area is used to create a new user.
      CLEAR | C | Clear the work area.
      DELETE | D | Delete user specified in the work area.
      END/F3 | END | Go back one level.
      GET | G XXX | Fill in the work area with user XXX.
      HELP/F1 | HELP | Request information.
      KEYS | KEYS | Display F key meanings.
      POINT | P X | Display line with primary sort field greater than or equal to X. The default for X is "A".
      UPDATE | U | Update user specified in the work area.
  • 25. TWC RACF Training 25 Secondary Commands
      Command/F Key | Abbreviation | Function
      LEFT #/F10 | L # | Move group area in table area left # number of columns. The default for # is one.
      RIGHT #/F11 | R # | Move group area in table area right # number of columns. The default for # is one.
      BACKWARD #/F5 | B # | Go back # number lines in the group work area. The default for # is one.
      FORWARD #/F6 | F # | Advance # number lines in the group work area. The default for # is one.
  • 26. TWC RACF Training 26 Secondary Commands
      SELECT # | S # | 1. Select and display users who have group characters equal to Y as specified in the command line parameter #. # can be up to 6 group numbers. EXAMPLE: S 4,7,8 2. Specify (Y or N). EXAMPLE: S N,4,11,Y,5,9 Plus selection criteria specified in group work area.
      MEANING # | M # | Display up to six meaning panels. EXAMPLE: M 2,6,8
  • 27. TWC RACF Training 27 To the right of the COMMAND LINE is the SCROLL command, which is highlighted on the screen below.
  • 28. TWC RACF Training 28 The space after the arrow is the SCROLL amount entry field. This parameter indicates how many lines of users are advanced in the TABLE OF USERS when the UP and DOWN commands or the F7 and F8 keys are used.
  • 29. TWC RACF Training 29 The scroll amount area is indicated by: SCROLL ===> PAGE. The default as noted is PAGE. The acceptable entries in this field and their meanings are listed below.
      Command | Description
      MAX | Scroll to the top or bottom
      PAGE | Scroll the number of lines displayed
      HALF | Scroll half of the page
      CSR | Scroll to the line where the cursor is displayed
      DATA | Scroll a page minus one.
      1 thru 9999 | Scroll this many lines
  • 30. TWC RACF Training 30 The USER WORK AREA is the two lines directly below the F key line. A duplication of the USER WORK AREA appears below:
  • 31. TWC RACF Training 31 The top line of the USER WORK AREA identifies the entry fields in the line below for all categories except the TAG. No additional area is needed for the TAG.
      Workspace Field | Instruction
      Password | Only appears when entered by the Manager during an ADD or UPDATE.
      UID | Three character user identification. First character must be an alphabetic character.
      SSN | Nine digit Social Security number of the user.
      NAME | Twenty character user name, last name first, first name and middle initial.
  • 32. TWC RACF Training 32
      GROUP | Local office or department. Usually Lnnnn (where nnnn is the local office or department number).
      TSO ACCT | Nine character number for accounting purposes, assigned by the RACF Administration Unit.
      TAG | Character placed on the left of the USER in the TABLE OF USER AREA to identify specific users.
  • 33. TWC RACF Training 33 Before each identifier (UID, SSN, Name, etc) there is an entry field that can be set to:
      Y | Display this field as one of the fields in the TABLE OF USERS.
      N | Do not display this field.
      S | Display the TABLE OF USERS entries in ascending sequence by this field. (i.e., S in front of SSN will arrange the list of users in ascending SSN order.)
      P | Display the TABLE OF USERS entries in ascending sequence by this field. (i.e., P in front of NAME will arrange the list of users in alphabetic order by name). The P can be used as the primary sort in conjunction with the S as a secondary sort.
  • 34. TWC RACF Training 34 Group Work Area The GROUP WORK AREA contains a list of the access groups (authority codes) into which the manager may put users. Membership in an access group gives the user the authority to perform certain functions. An example of a group area appears below:
      __01-REVOKED
      __02-GROUPA
      __03-GROUPB
      __04-GROUPC
      __05-GROUPD
      __06-GROUPE
      __07-GROUPF
  • 35. TWC RACF Training 35 Associated with each access group name is a one-character entry field represented by __ and a group number. The group number identifies the group with a column in the TABLE OF USERS. When a user is in the USER WORK AREA and he is in a group, the character “Y” (yes) appears in the column; if a user is not in a group, it is empty ( __ ).
  • 36. TWC RACF Training 36 These groups are delegated to a manager by the RACF Administration Unit as directed by the owner of the functions. A full explanation of the access groups and what functions they authorize a user to perform can be obtained by entering an “M” in the entry field next to any group in the GROUP WORK AREA. The initially delegated groups should include all the office’s present needs. Additional groups will be delegated to the manager as the need develops or groups may be requested from RACF Administration with justification in writing. (See HOW TO GET ADDITIONAL ACCESS GROUPS.)
  • 37. TWC RACF Training 37 Table of Users
      - The TABLE OF USERS lists the operators assigned to each office, one operator per line. Each line (by default) contains the user id (UID), name and group membership field. The fields can be selectively displayed, and the table can be sorted by any of the user fields (see USER WORK AREA). Each Y in a column of a user line indicates membership in an access group. Each column has a group number as a heading and each group number is identified with an access group in the GROUP WORK AREA.
  • 38. TWC RACF Training 38 If the list of users is longer than the screen will accommodate, the additional users in the list can be viewed by using the UP and DOWN commands or the F7 and F8 keys (see SCROLLING under PRIMARY COMMANDS).
  • 39. TWC RACF Training 39 Adding a User to RACF
      - A user can be added to the TABLE OF USERS in the following manner:
      - CAUTION: Be sure to clear the WORK AREA before adding a user. This can be done by typing a “C” on the COMMAND line and pressing enter.
  • 40. TWC RACF Training 40
      Work Space | Instruction
      COMMAND LINE | Type “A” or “ADD” after the Command =>
      USER WORK AREA | Move the cursor to the entry field below the PASSWORD in the USER WORK AREA and type the user’s temporary password. The password must be unique and 6 to 8 alphanumeric characters long. This temporary password will be used only for initial sign on. The user will be required to supply a personal password good for 60 days on initial sign on.
  • 41. TWC RACF Training 41 Type the three-character user identification under the UID in the USER WORK AREA. The first character must be an alphabetic character. If the user ID is already in use, RACF will notify the manager with the message “xxx ALREADY EXISTS” in the upper right hand corner of the screen when the data is entered. The manager must select another UID until he is successful. NOTE: After receiving message “UID already exists” press F1 to obtain up to four UID alternatives created by RACF. If you do not wish to use one of the created UIDs, just enter a new option and press “ENTER” again.
  • 42. TWC RACF Training 42 Type the nine-digit Social Security number in the space under SSN. Type the user’s name, last name first, in the space below NAME. The name can be up to 20 characters long. (e.g. Greene, William P.) NOTE: The name field will not accept an apostrophe. For names such as O’Conner or O’Brien, omit the apostrophe and enter the name as OConner and OBrien.
  • 43. TWC RACF Training 43 GROUP WORK AREA Type a “Y” (yes) in the entry field to the left of every access group where membership is desired. If an office has more than 35 access groups, the FORWARD (F) and BACKWARD (B) Commands, or the F5 and F6 keys can be used. (See Secondary Commands) NOTE: The cursor can be returned to the COMMAND LINE by depressing the HOME key.
  • 44. TWC RACF Training 44 Updating a RACF User
      Workspace | Instruction
      COMMAND LINE | Type “G xxx” or “GET xxx” after COMMAND ===>, where xxx is the User ID of the user to be changed. Press ENTER. The user xxx will be placed in the USER WORK AREA. Type “U” or “Update” after COMMAND ===>.
      USER WORK AREA | Overtype any changes to be made to the user fields: PASSWORD, SSN or NAME.
  • 45. TWC RACF Training 45 GROUP WORK AREA Type a “Y” (yes) in the entry field to the left of every access group where membership is desired. Space out any “Y” where membership is to be removed. Check your work and then press ENTER. If successful, RACF will print the message: “USER xxx UPDATED” in the upper right hand corner of the panel. NOTE: An Information Security manager cannot change his/her own or the Backup manager’s user profile. Only the RACF Administration Unit can update management profiles. If assistance is needed to unrevoke a manager’s ID or obtain a temporary password, the RACF Administration Unit should be contacted.
  • 46. TWC RACF Training 46 Updating Multiple RACF Users
      - Updating multiple RACF users simultaneously can be done by using the “TAG” function. The TAG function is helpful when an office has a large number of RACF users that need to be updated.
      - Contact the RACF Administration Unit for more information on using the TAG function.
  • 47. TWC RACF Training 47 Revoking/Un-revoking a RACF User
      Workspace | Instruction
      COMMAND LINE | Type “G xxx” or “Get xxx” after COMMAND ===> where xxx is the user ID of the user to be changed. Press ENTER. The user xxx will be placed in the USER WORK AREA. Type “U” or “Update” after COMMAND ===>
      GROUP WORK AREA | Type a “Y” (yes) in the entry field to the left of 01-REVOKE group when a user is to be denied logon access. Space over the “Y” if the user is to be unrevoked (user access to logon restored). Check your work and then press ENTER. If successful, RACF will print the message “USER xxx UPDATED” in the upper right corner of the panel.
      NOTE: When un-revoking a user, the manager should also determine if the User needs a new temporary password.
  • 48. TWC RACF Training 48 Deleting a RACF User
      Workspace | Instruction
      COMMAND LINE | Type “G xxx” or “GET xxx” after the COMMAND ===> where xxx is the user ID of the user to be deleted. Press ENTER. The user xxx will be placed in the USER WORK AREA. Check that the user is the correct one. Type “D” or “Delete” after Command ===>, then press ENTER. If successful, RACF will print the message “USER xxx Deleted” in the upper right corner of the panel.
  • 49. TWC RACF Training 49 Transferring a User If a user is being transferred to another TWC office, the UID can be transferred by the RACF Administration Unit without the user losing their password. The request can come from either the receiving or losing Local Security Manager. The request should be sent to the RACF Administration Unit and must contain the name and UID of the user being transferred along with the name of the receiving and losing offices. The user will be transferred to the new RACF group with all access deleted except the basic sign-on and inquiry (AC01 & AC02). The managers will be notified when the transfer is complete and the new manager will be advised to provide the user with the appropriate access for the new job assignment.
  • 50. TWC RACF Training 50 Access Groups and What They Mean
      - It is the manager's responsibility to understand the job assignment of the user and what access code(s) is needed for that job. If the manager is unsure of the user’s job assignment, the manager should check with the user’s Supervisor. The user's access should be limited to only the access codes needed to do the job assigned.
      - To access the meanings of access codes, the manager signs on to the Information Security Managers Panel. By placing an "M" in the entry field of the access group for which he/she desires the meaning and then depressing the ENTER key, a list of the transactions will appear. Returning to the manager's panel can be accomplished by using the F3 key.
  • 51. TWC RACF Training 51 How to get Additional Access Groups From time to time, when additional functions are developed, the program department that is responsible for that function will request that the RACF Administration Unit assign an access group. The department will inform potential users how to access the new function. Information Security Managers will be notified of the new access group if it is to be assigned to users in their office. If an Information Security Manager believes that his/her office should have an access group that it currently does not have, he/she should make this request in writing to the RACF Administration Unit.
  • 52. TWC RACF Training 52 Office Openings and Closings When a TWC Office, WDA Office, State Office Department or other major organizational entity using TWC computer services is opened or closed or an organizational change is contemplated, the RACF Administration Unit should be notified in writing. The user IDs for the manager and the backup will be created or deleted as needed. This will prevent the disruption of computer services. The necessary authority codes will also be granted at this time.
  • 53. TWC RACF Training 53 RACF ACTIVITY REPORTS
      - Function 4 on the RACF MANAGERS MENU is the ‘BROWSE RACF REPORTS FOR GROUPS’ function. The RACF report documents when a user attempts sign-on with an incorrect password, accesses an unauthorized function or attempts to modify resources without proper authority. This function allows the local security manager to look at the RACF activity for the previous seven days.
      - Ideally, the manager should look at the reports daily, but when time does not permit daily review, the manager should browse the reports at least weekly.
  • 54. TWC RACF Training 54 Accessing the RACF Reports Access to the Reports function is on the RACF Managers Menu. The local security manager enters the number ‘4’ after SELECT OPTION ===> and depresses the ENTER key. The secondary screen displays a list of reports for the previous seven days. If there is no user activity for the group on a particular date, the report will not be generated.
  • 55. TWC RACF Training 55 To view a report, position the cursor and type an ‘S’ in front of the report which represents the day desired. The last number of the report (1-7) represents the day of the report. (Day 1 is the previous day’s report.)
  • 56. TWC RACF Training 56 Headings on the RACF Report. The RACF Report is too wide to fit on the screen so it is viewed as two halves. The left half identifies the circumstances surrounding the event and the right half discusses the event. You can move between the left and right halves by toggling the F10 (left) and F11 (right) keys.
  • 57. TWC RACF Training 57 RACF Report LISTING OF PROCESS RECORDS VIOLATIONS (LEFT SIDE)
  • 58. TWC RACF Training 58 RACF Report LISTING OF PROCESS RECORDS VIOLATIONS (RIGHT SIDE)
  • 59. TWC RACF Training 59 What the RACF Reports Mean The RACF reports collect information on system sign on and access events. Although there are numerous events that could cause a report to be produced, there are basically seven events of which a local Information Security Manager should be aware. All involve either sign on or access violations. The following events should be noted:
      EVENT | QUAL | DESCRIPTION
      1 | 1 | The user has attempted to sign on with an invalid password.
      1 | 6 | The user attempted to sign on with a revoked user ID.
      1 | 7 | The user's ID is automatically revoked.
      1 | 25 | The user's current password has expired.
      1 | 26 | The user has selected an invalid new password.
      2 | 1 | The user has insufficient authority to access the resource
  • 60. TWC RACF Training 60 Monthly RACF Inactivity Reports
      - Information Security Managers receive monthly RACF reports of TWC mainframe RACF IDs for their office/area that show IDs which have not been used in 90 and 180 days. Employee IDs on the 180-day report have been automatically deleted. If offices have any employees on extended leave whose IDs should not be deleted, please contact RACF Administration.
      - Information Security Managers should review the 90-day lists to determine if any IDs need to be deleted. User IDs that have not been used recently merit investigation to determine if they should be deleted. To help isolate IDs for investigation, the report includes: whether the ID is revoked and the last access date.
  • 61. TWC RACF Training 61 RACF IDs not in CHAPS Report
      - Information Security Managers may also receive an additional report that lists RACF IDs which do not correspond with employees in the TWC Peoplesoft Human Resources personnel file. This list is a result of a social security number crossmatch. You may find that the ID is current, but the SSN is incorrect in RACF. If this is the case, the Security Manager will want to correct the SSN in RACF to prevent the ID from appearing on future reports.
      - Information Security Managers should keep their RACF table of users current.
  • 62. TWC RACF Training 62 Information Resources Usage Agreement (IRUA also known as the “P-41”)
      - Signed declaration of user’s understanding, acknowledgement, and endorsement
      - Required to protect the integrity of information resources on TWC systems
          – All users must sign the TWC Information Resources Usage Agreement (IRUA or P-41) before access is given to an account
          – Users of TWC systems must have a signed TWC IRUA/P-41 on file and such agreement shall be reaffirmed annually
  • 63. TWC RACF Training 63 Log All Work as RACF Manager
      - Record and Date (in Word or Excel)
      - New Users
          – Log the new user id and requestor
      - Modifications
          – Resets
          – Changes to access privileges (such as additions, deletions)
      - Deletions
          – Log the user id and requestor
  • 64. TWC RACF Training 64 RACF Manager and Backup Responsibilities
      - Ensure consistent controls for TWC’s information resources
      - Decrease potential risks associated with information technology
  • 65. TWC RACF Training 65 Documentation and Support
      - Retain the class handout as your RACF manual.
      - If you have questions, contact racf.administration@twc.state.tx.us [“RACF Administration” in the global.]
      - If you have access to TWC’s Intranet
          – Link via “Manuals” menu, Data Processing, Manuals
          – Link through the url: http://intra.twc.state.tx.us/intranet/its/html/iris_racf_ops.html
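
The weekly report review from slides 53 and 59, as an added example that is not part of the TWC presentation: a Python triage pass that maps the slide 59 event/qualifier codes to their meanings and lists the user IDs a manager should follow up on. The record layout (date, time, user ID, event, qualifier, resource), the sample records and the two thresholds are assumptions made for this example, since the report screens themselves are not reproduced on the page.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

# Event/qualifier meanings as listed on slide 59.
EVENT_MEANINGS = {
    (1, 1): "sign-on attempted with an invalid password",
    (1, 6): "sign-on attempted with a revoked user ID",
    (1, 7): "user ID automatically revoked",
    (1, 25): "current password has expired",
    (1, 26): "invalid new password selected",
    (2, 1): "insufficient authority to access the resource",
}

# Hypothetical review thresholds (not TWC policy).
FAILED_SIGNON_LIMIT = 3
ACCESS_DENIAL_LIMIT = 3

# Constructed sample records in an assumed layout:
# date time user-id event qualifier resource ("-" when not applicable)
SAMPLE_REPORT = """\
2024-05-06 08:01:12 ABC 1 1 -
2024-05-06 08:01:40 ABC 1 1 -
2024-05-06 08:02:05 ABC 1 1 -
2024-05-06 08:02:05 ABC 1 7 -
2024-05-06 08:15:30 ABC 1 6 -
2024-05-06 09:10:00 DEF 1 25 -
2024-05-06 09:11:20 DEF 1 26 -
2024-05-06 10:30:00 GHJ 2 1 PAYROLL.TXN1
2024-05-06 10:30:45 GHJ 2 1 PAYROLL.TXN2
2024-05-06 10:31:10 GHJ 2 1 CLAIMS.TXN9
2024-05-07 07:59:00 KLM 1 1 -
2024-05-07 11:00:00 KLM 5 2 -
this line is damaged
"""


class Record(NamedTuple):
    day: str
    time: str
    user: str
    event: int
    qual: int
    resource: str


def parse_report(text):
    """Return (records, rejected); rejected keeps (line number, raw line)."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            day, time, user, event, qual, resource = line.split()
            records.append(
                Record(day, time, user.upper(), int(event), int(qual), resource)
            )
        except ValueError:
            # Wrong field count or non-numeric code: keep for manual review
            # instead of dropping it silently.
            rejected.append((lineno, line))
    return records, rejected


def triage(records):
    """Map user ID -> list of reasons the ID needs follow-up."""
    counts = defaultdict(Counter)
    denied = defaultdict(set)
    for r in records:
        counts[r.user][(r.event, r.qual)] += 1
        if (r.event, r.qual) == (2, 1):
            denied[r.user].add(r.resource)

    findings = {}
    for user, c in counts.items():
        flags = []
        if c[(1, 7)]:
            flags.append(f"auto-revoked after {c[(1, 1)]} invalid password(s)")
        elif c[(1, 1)] >= FAILED_SIGNON_LIMIT:
            flags.append(f"{c[(1, 1)]} invalid passwords without a revoke")
        if c[(1, 6)]:
            flags.append(f"{c[(1, 6)]} sign-on attempt(s) on a revoked ID")
        if c[(2, 1)] >= ACCESS_DENIAL_LIMIT:
            flags.append(
                f"{c[(2, 1)]} access denials across {len(denied[user])} resource(s)"
            )
        for event, qual in sorted(k for k in c if k not in EVENT_MEANINGS):
            flags.append(f"unlisted event/qualifier {event}/{qual}")
        if flags:
            findings[user] = flags
    return findings


if __name__ == "__main__":
    recs, bad = parse_report(SAMPLE_REPORT)
    for user, flags in sorted(triage(recs).items()):
        print(user, "->", "; ".join(flags))
    for lineno, raw in bad:
        print(f"unparsed line {lineno}: {raw!r}")
```

Expired-password and invalid-new-password events (1/25, 1/26) are counted but not flagged, which keeps routine password changes out of the follow-up list.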