IBM 890 Network Card User Manual


 
70
Once a user is authenticated, RACF and the resource
managers control the interaction between that user
and the objects it tries to gain access to. These objects
include: commands, datasets, programs, tape volumes,
terminals and objects that you defi ne. RACF supports fl ex-
ibility in auditing access attempts and changes to security
controls. To audit security-relevant events, you can use the
RACF system management unload utility and a variety of
reporting tools.
With one command, a security administrator can update
remote RACF databases without logging on to remote sys-
tems. Throughout the enterprise, RACF commands can be
sent automatically to synchronize multiple databases. In
addition, RACF can automatically propagate RACF data-
base updates made by applications. With RACF, users can
keep passwords synchronized for specifi c user IDs. When
you change one password, RACF can change passwords
for your user ID on different systems and for several user
IDs on the same system. Also, passwords can be changed
automatically for the same user ID on different systems.
This way, several RACF databases can be kept synchro-
nized with the same password information.
RACF enhancements:
Digital Certifi cates can be automatically authenticated
without administrator action
Administrative enhancements enable defi nition of pro-
fi les granting partial authority. Handling of new pass-
words and removal of class authority are simplifi ed.
On demand applications require a way to associate
more users under a RACF Group defi nition, so RACF
allows the creation of a new kind of Group that can con-
tain an unlimited number of users
RACF now allows you to perform RACF installation class
updates without an IPL, which can help improve availability
RACF facilitates enterprise password synchronization
through RACF password enveloping and notifi cation of
password changes using z/OS LDAP
Improved user accountability through RACF’s enforce-
ment of unique z/OS UNIX UIDs and GIDs
Improved access control fl exibility and granularity for
z/OS UNIX fi les with access control lists
Multilevel security support
Multilevel Security
z/OS 1.5 is the fi rst and only IBM operating system to pro-
vide multilevel security. This technology can help improve
the way government agencies and other organizations
share critical classifi ed information. Combined with IBM’s
DB2 UDB for z/OS Version 8, z/OS provides multilevel
security on the zSeries mainframe to help meet the strin-
gent security requirements of government agencies and
fi nancial institutions, and can help open up new hosting
opportunities. Multilevel security technology allows IT
administrators to give users access to information based on
their need to know, or clearance level. It is designed to pre-
vent individuals from accessing unauthorized information
and to prevent individuals from declassifying information.
With multilevel security support in IBM’s z/OS 1.5 and DB2
V8, customers can enable a single repository of data to
be managed at the row level and accessed by individuals
based on their need to know.
SSL
Secure Socket Layer (SSL) is a public key cryptography-
based extension to TCP/IP networking which helps to
enable private communications between parties on the
Internet. z/OS provides fast and highly secure SSL sup-
port, with increased performance when coupled with
zSeries server cryptographic capabilities.