IBM GC28-1920-01 Server User Manual


 
OS/390 OpenEdition
OS/390 Release 2 OpenEdition adds new capabilities for which RACF provides
support.
Authorizing and Auditing Server Access to the CCS and WLM Services
OS/390 Release 2 OpenEdition adds the capability to check whether servers are
authorized to use the console communications service (CCS) and the workload
manager (WLM) service. RACF provides support for this capability by determining
whether the server identity has authority to the service, and by auditing requests for
access to these services.
RACF provides two new audit function codes for these services. The auditing is
based on the existing PROCESS class.
Auditing the Passing of Access Rights
OS/390 Release 2 OpenEdition implements the passing of access rights from one
process to another. A sending process opens a file and passes the open file
descriptor to a receiving process via a UNIX domain socket connection. RACF
writes SMF type 80 records when:
- The access rights are passed by the sending process.
- The access rights are received by the receiving process.
- The access rights are discarded by the receiving process without being
  received.
RACF provides a new event code and 3 new audit function codes for these SMF
records. Auditing is based on the existing PROCACT class.
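The descriptor passing that these records audit, shown as an added example that is not taken from the IBM manual. It assumes a POSIX system that passes descriptors as SCM_RIGHTS ancillary data; the manual does not show the OS/390 call sequence, and the names send_fd, recv_fd and demo_pass_rights are hypothetical.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
/* Control buffer sized and aligned for exactly one descriptor. */
typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_ctl;
static void prep(struct msghdr *m, struct iovec *iov, fd_ctl *ctl) {
    memset(m, 0, sizeof *m);
    memset(ctl, 0, sizeof *ctl);
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = ctl->buf; m->msg_controllen = sizeof ctl->buf;
}
/* Sending process: the access rights are passed here. */
int send_fd(int sock, int fd) {
    char tag = 'F';  /* one data byte carries the ancillary message */
    struct iovec iov = { &tag, 1 };
    fd_ctl ctl; struct msghdr m;
    prep(&m, &iov, &ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}
/* Receiving process: returns the new descriptor, or -1 if no intact right arrived. */
int recv_fd(int sock) {
    char tag;
    int fd;
    struct iovec iov = { &tag, 1 };
    fd_ctl ctl; struct msghdr m;
    prep(&m, &iov, &ctl);
    if (recvmsg(sock, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Constructed demo: pass a pipe's read end, then read through the received copy. */
int demo_pass_rights(void) {
    int sv[2], p[2], rfd; char got[5];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    if (write(p[1], "audit", 5) != 5 || send_fd(sv[0], p[0])) return -1;
    close(p[0]);  /* sender drops its copy; the right now lives in the message */
    if ((rfd = recv_fd(sv[1])) < 0) return -1;
    return read(rfd, got, 5) == 5 && memcmp(got, "audit", 5) == 0 ? 0 : -1;
}
int main(void) { return demo_pass_rights() ? 1 : 0; }
```

A receiver that closes the socket without calling recvmsg never takes ownership of the descriptor, which is the discarded case in the list above.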
SOMobjects for MVS
RACF provides support for Version 1 Release 2 of SOMobjects for MVS. A client
application running in an OS/2, AS/400, or MVS environment requesting distributed
SOM (DSOM) services can have those services run in an MVS server. To support
the use of remote objects with SOMobjects for MVS, RACF does the following:
- Authenticates the user as a valid and correct user through the presentation of a
  password
- Verifies the user's access to use the requested server
- Verifies the server's access to use the method within the specified class
- Verifies that only approved servers can register with the SOMobjects for MVS
  server daemon, preventing unauthorized users from starting Trojan horse
  servers
SystemView for MVS
SystemView for MVS consists of programs that run on the user's workstation and
programs that run on MVS. SystemView for MVS displays a Launch window that
contains a customized task tree. This task tree represents systems management
programs, or applications, to which the workstation user can get access. The
information needed by the SystemView for MVS client code running in the
workstation is created and stored on the MVS-based SystemView server system,
8 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration