IBM GC28-1920-01 Server User Manual


 
resources. Profiles must reside in storage before RACROUTE
REQUEST=FASTAUTH can be used to verify a user's access to a resource.
The client/server relationship is not propagated from the application server.
If the security administrator implements access control to resources that use
both the server's RACF identity and the client's RACF identity in an access
control decision, application servers that the security administrator does not
trust should be treated as end points on OS/390. These servers should not be
allowed to submit batch jobs or use the services of other servers that run
exclusively under the identity of the client. This is because the relationship
of the client and server identity pair is not propagated to other applications
or servers. The security administrator must enforce this through administrative
procedures by ensuring that application servers that do not meet this criterion
are not authorized to the profile BPX.SERVER in the RACF FACILITY class. By
denying the untrusted servers authorization to BPX.SERVER, the security
administrator ensures that all work done by the server, including job
submission and the use of other servers, occurs using the server's identity.

Controlling the R_dceruid Callable Service
The security administrator must define the IRR.RDCERUID profile in the FACILITY
class to control the use of the SAF R_dceruid callable service. This callable
service maps the DCE UUID to the RACF user ID.

Check your installation for programs that use:
  - the SAF R_dceruid callable service
  - or services that call it, such as:
      - the OS/390 OpenEdition convert_id_np callable service
      - the C library function __convert_id_np()

Users or servers using programs that use these services must have READ access
or higher to the profile that protects IRR.RDCERUID in the FACILITY class.
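
The two FACILITY class controls described above (BPX.SERVER and IRR.RDCERUID), as an added example that is not part of the original manual. It is written as CLIST-style RACF commands; the user IDs TRSTSRV (a trusted server) and UNTRSRV (an untrusted application server) are hypothetical, and the final refresh assumes the FACILITY class is RACLISTed at this installation.

```tso
/* Constructed example. TRSTSRV and UNTRSRV are hypothetical IDs.  */

/* BPX.SERVER: define with no default access, then review who is   */
/* currently on the access list.                                   */
RDEFINE FACILITY BPX.SERVER UACC(NONE)
RLIST FACILITY BPX.SERVER AUTHUSER

/* Remove an untrusted application server from the access list so  */
/* that its work runs only under the server's own identity.        */
PERMIT BPX.SERVER CLASS(FACILITY) ID(UNTRSRV) DELETE

/* IRR.RDCERUID: define with no default access, then give READ to  */
/* the IDs that run programs calling R_dceruid, convert_id_np or   */
/* __convert_id_np().                                              */
RDEFINE FACILITY IRR.RDCERUID UACC(NONE)
PERMIT IRR.RDCERUID CLASS(FACILITY) ID(TRSTSRV) ACCESS(READ)
RLIST FACILITY IRR.RDCERUID AUTHUSER

/* Needed only when the FACILITY class is RACLISTed (assumption).  */
SETROPTS RACLIST(FACILITY) REFRESH
```

The RLIST output after each change is the check that only the intended IDs remain on each access list.
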
Enhancements to the Remove ID Utility
The RACF remove ID utility, IRRRID00, has been enhanced to search profiles
defined to the DCEUUIDS class when removing a user ID. The utility generates
output consisting of commands that remove DCEUUIDS class profiles in which the
APPLDATA field contains the user ID being removed.
The RACF security administrator should contact the DCE administrator when
removing a user ID which has been cross-linked with a DCE principal, to determine
if the DCE principal should be deleted from the cell.
SOMobjects for MVS
The security administrator must permit users who are allowed to use specific
SOM servers, and specific methods within classes, to profiles within the new
RACF CBIND and SOMDOBJS classes. In addition, the security administrator must
define which servers are known to the SOM daemon by defining profiles within
the new RACF SERVER class.

OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration