IBM OS/390 Server User Manual


 
Chapter 2. Release Overview
This chapter lists the new and enhanced functions of RACF for OS/390 Release 4
and gives a brief overview of each new function or function enhancement.
New and Enhanced Support
For OS/390 Release 4, RACF provides:
Support for the RACF/DB2 external security module
Additional auditing of OpenEdition superusers status
Default OpenEdition USER/GROUP support
Run-time library services support
Password history enhancements
OW23445 enhancement to allow RACF user profile administration using Tivoli
Management Environment (TME) administration service
OW25727 enhancement to allow program control by system ID
New FMID
OW24966 enhancements to TARGET command
Enable/disable changes
OW26237 enhancements to global access checking
RACF/DB2 External Security Module
The Security Server for OS/390 Release 4 is providing a new function that gives
you the ability to control access to DB2 objects using RACF profiles. This function
is provided as a fully supported exit module called the RACF/DB2 external security
module. If you choose to use this new support, the module is designed to receive
control from the DB2 access control authorization exit point. The highlights of the
support include:
Single point of control for administering and auditing DB2 access
Ability to define security rules before a DB2 object is created
Ability to have security rules persist when a DB2 object is dropped
Ability to control access to DB2 objects with generic profiles
Flexibility to control access to DB2 objects for single or multiple subsystems
with a single set of RACF profiles
Ability to validate a user ID before permitting it access to a DB2 object
Elimination of DB2 cascading revoke
Use of this function requires the DB2 access control authorization exit point function
provided in DB2 Version 5.
Copyright IBM Corp. 1994, 1997 5