RACF User profiles contain information about the user. A user profile can be connected (please note the right term: connected, not defined) to several groups.
Showing posts with label RACF. Show all posts
Showing posts with label RACF. Show all posts
Thursday, May 9, 2019
RACF Concepts
Compared to mainframe security implementation, Windows and *Nix security is very primitive. Resource Access Control Facility (RACF) is one of the many products that protect mainframe resources.
RACF aims to protect mainframe resources from unauthorized access. It sees every file, database, table, transaction, service as a resource and each of these can be protected by RACF. RACF can be set to protect all resources by default. That means unless specifically given, no one can access a resource.
RACF aims to protect mainframe resources from unauthorized access. It sees every file, database, table, transaction, service as a resource and each of these can be protected by RACF. RACF can be set to protect all resources by default. That means unless specifically given, no one can access a resource.
Wednesday, April 25, 2018
Auditing RACF Using Microsoft Access or any SQL Database
Executive Summary
Aside from being difficult, auditing RACF requires special skills. It needs understanding of RACF concepts plus understanding of the other subsystems being audited. A comprehensive manual audit took four auditors two months to complete. This can make the audit report irrelevant by the time it is released because errors may have been corrected already - making the auditors look incompetent - or worse, security breach may have occurred without the auditors detecting it.
Subscribe to:
Posts (Atom)