Replacing BPX.DEFAULT.USER

Updated

RACF Monitoring & Reporting

APPL Class

SETROPTS

IRRHFSU

RACF & Storage Administration

RACF Performance Tuning

FACILITY Class

RACF Authorization Logic

RACF & PCI Standards

UNIXPRIV Class

RACLIST Profile Merge

RACF Command Tips

Common Holes in RACF Defenses

RACF & Endevor

zOS Unix - File System Security

RACF Utilities

RACF & REXX

Merging RACF Databases

General Resource Fundamentals

DFSORT & ICETOOL

Auditing RACF

RACF & CICS - The Basics

RACF Administrative Authorities

RACF Audit Guidance

RACF & Role-Based Access Control (RBAC)

RSH RACF Tips Newsletter Subscription Form

RSH RACF Tips  - Volume 7, Issue 2

- Improved RACF Googling
- SURROGAT Contest Winner
- IRRUT200 ACTIVATE Hang
- DEFINE RECATALOG Check
- Protecting Program EDGINERS
- Auditors: Check the PPT
- RACF FMID Reference
- RACF Health Checker Issues
- Group GID VLF Cache Problem

RSH RACF Tips  - Volume 7, Issue 1

- Protect Shutdown Commands
- Custom Field Names
- RRSF & Batches of Commands
- UNIX sudo & sudoedit
- Auditors: Confirm Started Task and Batch IDs are PROTECTED
- SURROGAT Contest
- FIELD Permits to &RACUID

RSH RACF Tips  - Volume 6, Issue 4

- RRSF & TCPIP Communication Failure Issue
- AIM Conversion Lockup Issue
- FASTAUTH & DEFAULT TOKEN
- ABEND Due to FROM Profile With Undefined OWNER
- Many More FACILITY Resources
- Unix Default User & MAXUIDS
- ITOM Resource Name Error
- Unix Path Names in SMF Unload Records Can Have // Prefix
- Identify Underlying zFS Dataset

RSH RACF Tips  - Volume 6, Issue 3

- To All Our Clients - Thank You!
- REQUEST=VERIFY & GLOBAL
- FACILITY BPX.SAFFASTPATH
- SMF Type 30 Records
- Auditors: Confirm PROTECTALL is Active
- More on Replacing BPX.DEFAULT.USER
- Listing CA-1 Security Options

RSH RACF Tips  - Volume 6, Issue 2

- Replacing BPX.DEFAULT.USER
- Additional GLOBAL Entries
- Temporary Dataset Protection
- Auditors: Review Tape BLP Authority

RSH RACF Tips  - Volume 6, Issue 1

- CICS TS 4.2 & RACF
- RACF-L Internet Discussion List
- Auditors: Review PROGRAM Protection
- Beware Making the Unix Default User a File or Directory Owner
- ISPF 3.17 MA Line Command
- Protect TCP/IP Low Ports
- TSO User Data Sharing

RSH RACF Tips  - Volume 5, Issue 4

- z/OS UNIX Security Enhancement
- Duplicate JOBINIT Records
- Indicate Permit Level in DATA
- Is * or ** More Specific? (Answer)
- Auditors: Review Tape Dataset Protection Bypass Authority
- Password Reset Authority Delegation
- CF Rebuild Can Hang Sysplex

RSH RACF Tips  - Volume 5, Issue 3

- z/OS Security & Integrity APARs
- Performance Tip: IRRDBU00
- Monitoring Using JESJOBS
- IRRHFSU & UAUDIT
- Auditors: Review SETROPTS AUDIT(classes)
- Your Unix Default User May Own Files & Directories
- More FACILITY Resources
- Grouping Profile Name Length

RSH RACF Tips  - Volume 5, Issue 2

- Trust SMS
- Proper RACF Database Backup
- Demise of BPX.DEFAULT.USER
- MVS.DISPLAY.TCPIP
- RACF Administrator's DFLTGRP
- RACF Protect TCP/IP Ports
- Auditors: Review Password Minimum Change Interval

RSH RACF Tips  - Volume 5, Issue 1

- IGGCSI00 and Catalog Access
- Prevent Connection Mishaps
- WHEN(CONSOLE(SDSF))
- Websphere Library Change
- Performance: CA-Endevor LAT
- Auditors: Check Password History Option

RSH RACF Tips  - Volume 4, Issue 4

- SMP/E Protection
- Performance: GENERICANCHOR
- Correction: FILEPROCMAX
- FASTAUTH Now Honors TRUSTED and PRIVILEGED
- Auditors: Check User Password Change Intervals
- IPv4 Terminal IDs

RSH RACF Tips  - Volume 4, Issue 3

- Goodbye VSAMDSET and SYSCTLG
- DB2 DDF and FILEPROCMAX
- OPERCMDS Profile Prefixes
- Auditors: Check for Weak Password Rules
- Performance: CICS USRDELAY
- SEARCH LEVEL(nn)

RSH RACF Tips  - Volume 4, Issue 2

- FTP and JES
- Quick LD in ISPF 3.4 DSLIST

- Eliminating Discrete 'Generics'
- Auditors: Validate PROGRAM Profile Libraries

RSH RACF Tips  - Volume 4, Issue 1

- Custom Field List Titles
- Safely Implement PROTECTED
- Auditors: Verify LOGOPTIONS are set to log z/OS Unix events
- ISPF 3.17 Udlist - List Unix Files & Directories

RSH RACF Tips  - Volume 3, Issue 4

- Reducing Unix Superuser Use
- Should You Monitor or Restrict LISTDSD, RLIST, or SEARCH?
- List All SETROPTS Options without System-AUDITOR

- SMF Unload LRECL Change

- Auditors: Review Access Permitted to *
- Restrict Use of DSMON

RSH RACF Tips  - Volume 3, Issue 3

- RACLIST REFRESH & STARTED
- AUDITOR UNIX APAR
- RMM Superuser

- RESTRICTED & UNIX Access

- SEARCH Command Mystery (Answer)
- Auditors: Verify Tape Data Protection is Active

- TSO APPL Class Resource

RSH RACF Tips  - Volume 3, Issue 2

- TEMPDSN and CA-Endevor
- JESINPUT
- Performance: Database Reorg
- Auditors: PRIVILEGED and TRUSTED Started Tasks

RSH RACF Tips  - Volume 3, Issue 1

- Specifying a Replacement ID with IRRRID00

- Recent APARs of Interest

- Temporary Access with CONNECT REVOKE(date)

- Auditors: How to Examine z/OS Unix Directory and File Security

- Limit on DB2 Secondary AUTHIDs Raised

RSH RACF Tips  - Volume 2, Issue 4

- Authority to Administer Unix Directory & File Permissions

- Performance: Avoid SETROPTS GENERIC(DATASET) REFRESH

- Auditors: Find and Investigate Profiles in WARNING

RSH RACF Tips  - Volume 2, Issue 3

- OPERATIONS Authority Considerations

- Avoiding Output Browse Violation Messages in SDSF

- z/OS Unix Use Control

- Auditors: Review ALTER Access to Catalogs

RSH RACF Tips  - Volume 2, Issue 2

- LISTDSD Hints

- Sharing Output in SDSF (Without JESSPOOL Permission)

- Auditors: Review RACFVARS Profile &RACLNDE

RSH RACF Tips  - Volume 2, Issue 1

- Practical Uses for LEVEL

- CSA Storage Protection

- Auditors: Verify FDR's RACF Interface is Active

RSH RACF Tips  - Volume 1, Issue 3

- Performance: Resident Data Blocks (RDBs)

- Auditors: Review Outbound NJE Transmission Controls

RSH RACF Tips  - Volume 1, Issue 2

- Entering RACF Commands at the Console

- Performance: NOYOURACC

- Auditors: Review DITTO and FILE Manager DISK.FULLPACK

RSH RACF Tips  - Volume 1, Issue 1

- Avoiding DFSMShsm Recalls with ARCCATGP

- Performance: Increase your Enqueue Residency - ERV

- Enable Logging of Access to CA's ENDEVOR Resources

- Auditors: Review SURROGAT Batch Submit Authority

How is SETROPTS Erase-On-Scratch (ERASE) set on your production systems?

April 2013

RACF Staffing Levels

Mar 2013

Is IBMUSER still in use on your production z/OS systems?

Feb 2013

Where in the organization is the manager to whom the Senior RACF Administrator reports?

Jan 2013

Have you implemented CFIELD custom field profiles?

Dec 2012

Age of RACF-L Participants.

Nov 2012

Has your organization implemented RACF or SAF exits on any of your z/OS systems? (Ignore exits installed by commercial products.)

Oct 2012

How are you using the Unix File System unload utility IRRHFSU?

Sept 2012

How do you control access to DB2 objects in your Production DB2 subsystems?

Aug 2012

How are you using the z/OS Health Checker RACF checks?

July 2012

Is FACILITY class profile BPX.SAFFASTPATH defined in your RACF database?

June 2012

Is General Resource class FSSEC active at your installation?

May 2012

How long does your organization retain RACF-related SMF records?

April 2012

Is FACILITY class profile BPX.DEFAULT.USER defined in your RACF database?

Mar 2012

Is class TEMPDSN (Temporary Dataset Protection) active at your installation?

Feb 2012

Is SETROPTS option MIXEDCASE (Mixed Case Passwords) active at your installation?

Jan 2012

What is the program protection mode currently in effect for your various RACF databases?

Dec 2011

What is the Application Identity Mapping (AIM) stage currently in effect for your various RACF databases?

Nov 2011

Is SETROPT option EGN (Enhanced Generic Naming) active at your installtion?

Oct 2011

10 More Ways to Improve RACF Performance, Enterprise Tech Journal

Oct/Nov 2012

The Demise of the Unix Default User, Enterprise Tech Journal  

Aug/Sept 2012

Merging RACF Databases, zJournal  

April/May 2008

RACF Self-Assessment: Three Critical Areas to Examine, zJournal

April/May 2007

10 Ways to Improve RACF Performance, zJournal

Security's Multi-Purpose FACILITY Class, zJournal