Some of the possible tasks/steps comprising the RACF reengineering offer are:
- Review or design a mainframe security policy, based on client's requirements.
- Review or establish resource ownership.
- Conduct interviews with user areas about their common access needs to resources, in order to design a RACF group structure based on the job-role concept.
- Review and/or create Class Descriptor Table (ICHRRCDE) and Router Table (ICHRFR01) modules, SYS1.RACF.PARMLIB and other system programming work.
- Review and implement changes to RACF system settings (SETROPTS).
- Propose new or comply with existing naming standards for groups, userids, datasets and general resources (classes GROUP, USER, DATASET, DASDVOL, JESSPOOL, STARTED, TCICSTRN, etc.).
- Create profiles in class STARTED for all started tasks. Remove the TRUSTED/PRIVILEGED attributes from started task userids by identifying and implementing the correct permissions for them.
- Convert subsystems/products such as CICS, DB2, SDSF, Omegamon, etc., to RACF.
- Review or design RACF environment for job submission using classes SURROGAT, NODES, WRITER, JESINPUT, JESJOBS.
- Remove WARNING by building access lists with proper permissions.
- Clean up obsolete, redundant profiles and permissions.
- Review or establish RACF security for UNIX System Services.
- Review or design RACF reports for security violations, monitoring of success, change tracking etc., based on DB2 queries, ICETOOL or CONSUL for RACF.
- Produce RACF security manual and guidelines for client’s RACF administrators.