Clearer Vision
Tivoli zSecure helps adjust RACF permissions for greater security
With the last few releases of the Tivoli zSecure suite, IBM has literally introduced game-changing characteristics to mainframe security.
RACF Offline
zSecure release 1.9.1, back in 2008, added a capability known as Resource Access Control Facility (RACF) Offline. The primary benefit is testing the syntax of RACF commands to ensure they run properly when issued on a production environment. Testing RACF commands prior to issuing them has traditionally been an almost impossible task in z/OS environments. The only truly successful method has been to completely replicate the production security system in a non-production environment, something that most customers shy away from for simple cost and management overhead reasons.
This capability to test large numbers of RACF commands intended to be issued in batch is vital during large RACF change programs or database merges. This process is an essential part of any complete z/OS security management solution, however not something most customers need to do every day.
We’ll see, though, how RACF Offline is going to provide an essential piece of the z/OS RACF security puzzle in solving even more pernicious z/OS security management issues.
Michael Cairns works for IBM as a technical specialist in the Tivoli zSecure range of software. Michael can be reached at mike.cairns@au1.ibm.com.
More Articles From Michael Cairns
Search our new 2013 Buyer's Guide.
Maximize your IT investment with monthly information from THE source...IBM Systems Magazine EXTRA eNewsletter. SUBSCRIBE NOW.
View past Mainframe EXTRAs here
Related Articles
Features | New encryption facility for z/OS strengthens mainframe bond.
Trends | Data security is not just an IT department issue.