RACF (Resource Access Control Facility) is a security product developed by IBM for mainframe systems, used to control access to computer resources. RACF is part of z/OS, IBM's operating system for mainframes. It is an essential tool for organizations that run IBM mainframes: it provides robust, efficient control over who can access which resources in the mainframe environment, along with advanced auditing and security administration features.
Displaying a User
Let's display a user
RACF - SERVICES OPTION MENU
SELECT ONE OF THE FOLLOWING:
1 DATA SET PROFILES
2 GENERAL RESOURCE PROFILES
3 GROUP PROFILES AND USER-TO-GROUP CONNECTIONS
4 USER PROFILES AND YOUR OWN PASSWORD
5 SYSTEM OPTIONS
6 REMOTE SHARING FACILITY
7 DIGITAL CERTIFICATES AND KEY RINGS
99 EXIT
Licensed Materials - Property of IBM
5647-A01 (C) Copyright IBM Corp. 1983, 2000
All Rights Reserved - U.S. Government Users
OPTION ===> 4
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Let's look up the user AAFBXXXX
RACF - USER PROFILE SERVICES PROFILE(S) FOUND
SELECT ONE OF THE FOLLOWING:
1 ADD Add a user profile
2 CHANGE Change a user profile
3 DELETE Delete a user profile
4 PASSWORD Change your own password and related information
5 AUDIT Monitor user activity (Auditors only)
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION:
USER ===> AAFBXXXX Userid
OPTION ===> 8
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Enter
RACF - DISPLAY FOR USER PROFILE
COMMAND ===>
To select the following options, enter any character.
_ TSO
_ NETVIEW
_ DFP
_ DCE
_ OPERPARM
_ OVM
_ CICS
_ LNOTES
_ NATIONAL LANGUAGE
_ NDS
_ WORK ATTRIBUTES
_ KERBEROS
_ LDAP PROXY
_ OMVS
_ EIM
_ Exclude basic RACF information
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Result - press PF8 to scroll forward
BROWSE - RACF COMMAND OUTPUT------------------------ LINE 00000000 COL 001 080
********************************* Top of Data **********************************
USER=AAFBKKKK NAME=UNKNOWN OWNER=DPTSUP CREATED=24.131
DEFAULT-GROUP=DPTSUP PASSDATE=00.000 PASS-INTERVAL= 30 PHRASEDATE=N/A
ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
LAST-ACCESS=UNKNOWN
CLASS AUTHORIZATIONS=NONE
INSTALLATION-DATA=USUARIO RPC DETRAN BCO 240
NO-MODEL-NAME
LOGON ALLOWED (DAYS) (TIME)
---------------------------------------------
ANYDAY ANYTIME
GROUP=DPTSUP AUTH=USE CONNECT-OWNER=DPTSUP CONNECT-DATE=24.131
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
GROUP=PRFAEA1 AUTH=USE CONNECT-OWNER=PRFAEA1 CONNECT-DATE=24.131
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
GROUP=PRFAPPC AUTH=USE CONNECT-OWNER=PRFAPPC CONNECT-DATE=24.131
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
GROUP=APPC AUTH=USE CONNECT-OWNER=APPC CONNECT-DATE=24.134
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
GROUP=AEA1 AUTH=USE CONNECT-OWNER=AEA1 CONNECT-DATE=24.134
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
SECURITY-LEVEL=NONE SPECIFIED
CATEGORY-AUTHORIZATION
NONE SPECIFIED
SECURITY-LABEL=NONE SPECIFIED
******************************** Bottom of Data ********************************
COMMAND ===> SCROLL ===> PAGE
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Deleting a User
Let's see where a user is deleted in RACF. To delete: main menu, option 4
RACF - SERVICES OPTION MENU
SELECT ONE OF THE FOLLOWING:
1 DATA SET PROFILES
2 GENERAL RESOURCE PROFILES
3 GROUP PROFILES AND USER-TO-GROUP CONNECTIONS
4 USER PROFILES AND YOUR OWN PASSWORD
5 SYSTEM OPTIONS
6 REMOTE SHARING FACILITY
7 DIGITAL CERTIFICATES AND KEY RINGS
99 EXIT
Licensed Materials - Property of IBM
5647-A01 (C) Copyright IBM Corp. 1983, 2000
All Rights Reserved - U.S. Government Users
OPTION ===> 4
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Option 3 plus the user we want to delete
RACF - USER PROFILE SERVICES
SELECT ONE OF THE FOLLOWING:
1 ADD Add a user profile
2 CHANGE Change a user profile
3 DELETE Delete a user profile
4 PASSWORD Change your own password and related information
5 AUDIT Monitor user activity (Auditors only)
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION:
USER ===> AAFBXXXX Userid
OPTION ===> 3
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Confirming
RACF - DELETE USER
USER: AAFBXXXX
To confirm the delete request, press the ENTER key.
(The user profile will be deleted.)
To cancel the delete request, enter the END command.
COMMAND ===>
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Deleted - to check, search with option 8
RACF - USER PROFILE SERVICES PROFILE DELETED
SELECT ONE OF THE FOLLOWING:
1 ADD Add a user profile
2 CHANGE Change a user profile
3 DELETE Delete a user profile
4 PASSWORD Change your own password and related information
5 AUDIT Monitor user activity (Auditors only)
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION:
USER ===> AAFBXXXX Userid
OPTION ===>
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Enter
RACF - DISPLAY FOR USER PROFILE
COMMAND ===>
To select the following options, enter any character.
_ TSO
_ NETVIEW
_ DFP
_ DCE
_ OPERPARM
_ OVM
_ CICS
_ LNOTES
_ NATIONAL LANGUAGE
_ NDS
_ WORK ATTRIBUTES
_ KERBEROS
_ LDAP PROXY
_ OMVS
_ EIM
_ Exclude basic RACF information
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
The user no longer exists
BROWSE - RACF COMMAND OUTPUT------------------------ LINE 00000000 COL 001 080
********************************* Top of Data **********************************
ICH30001I UNABLE TO LOCATE USER ENTRY AAFBXXXX
******************************** Bottom of Data ********************************
COMMAND ===> SCROLL ===> PAGE
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
If deleting the user produces this error message, it means RACF cannot delete the user because data set profiles created for that user still exist
ICH04009I UXXXXX CANNOT BE DELETED. DATA SET PROFILES STILL EXIST.
Let's go to option P.6 to enter commands
CUSTOMPAC MASTER APPLICATION MENU
OPTION ===> p.6 SCROLL ===> PAGE
USERID - IBMUSER
TIME - 07:24
IS ISMF - Interactive Storage Management Facility
P PDF - ISPF/Program Development Facility
IP IPCS - Interactive Problem Control Facility
DI DITTO - Data Interfile Transfer, Testing and Operations
SD SDSF - System Display and Search Facility
IC ICSF - Integrated Cryptographic Service Facility
HC HCD - Hardware Configuration Definition
BMR BMR READ - BookManager Read (Read Online Documentation)
BMI BMR INDX - BookManager Read (Create Bookshelf Index)
S SORT - DF/SORT Dialogs
OU USER - z/OS ISPF User Options
R RACF - Resource Access Control Facility
OS SUPPORT - z/OS ISPF System Support Options
SM SMP/E - SMP/E Dialogs
TS TSS - TOP SECRET
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Let's enter the commands that delete the data set profile and then delete the user directly
Menu List Mode Functions Utilities Help
------------------------------------------------------------------------------
ISPF Command Shell
Enter TSO or Workstation commands below:
===>
Place cursor on choice and press enter to Retrieve command
=> LISTDSD DA(TESTUSER.**) GENERIC
=>
=>
=>
=>
=>
=>
=>
=>
=>
F1=Help F2=Split F3=Exit F7=Backward F8=Forward F9=Swap
F10=Actions F12=Cancel
Commands we will enter - with these commands we can delete the user's data set profile and delete the user
Command 1 - LISTDSD DA(TESTUSER.**) GENERIC
Command 2 - DELDSD TESTUSER.**
Command 3 - DELUSER testuser
Creating a User
Let's register the user in RACF - choose option 4 and press Enter
RACF - SERVICES OPTION MENU
OPTION ===> 4
SELECT ONE OF THE FOLLOWING:
1 DATA SET PROFILES
2 GENERAL RESOURCE PROFILES
3 GROUP PROFILES AND USER-TO-GROUP CONNECTIONS
4 USER PROFILES AND YOUR OWN PASSWORD
5 SYSTEM OPTIONS
6 REMOTE SHARING FACILITY
7 DIGITAL CERTIFICATES, KEY RINGS, AND TOKENS
99 EXIT
Licensed Materials - Property of IBM
5647-A01 (C) Copyright IBM Corp. 1983, 2000
All Rights Reserved - U.S. Government Users
Restricted Rights, Use, Duplication or Disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
Option 1 ADD - TSSUSER
RACF - USER PROFILE SERVICES
OPTION ===> 1
SELECT ONE OF THE FOLLOWING:
1 ADD Add a user profile
2 CHANGE Change a user profile
3 DELETE Delete a user profile
4 PASSWORD Change your own password and related information
5 AUDIT Monitor user activity (Auditors only)
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION:
USER ===> TSSUSER Userid
After that, you can supply more information about the user, such as the user name, default group and password (we set the initial password to SYS1 and confirmed it).
RACF - ADD USER TSSUSER
COMMAND ===>
ENTER THE FOLLOWING INFORMATION:
OWNER IBMUSER_ Userid or group name
USER NAME CSA_________________
DEFAULT GROUP SYS1____ Group name
PASSWORD (case sensitive) ===> sys1 <=== User s initial password
(case sensitive) ===> sys1 <=== Re-enter password to verify
PHRASE (case sensitive)
===>
<=== Up to 100 characters in quotes
===>
<=== Re-enter phrase to verify
INTERVAL ___ 1 - 254 (days), NO, or blank
We set only these options to YES
RACF - ADD USER TSSUSER
COMMAND ===>
TO ASSIGN USER ATTRIBUTES, ENTER YES:
GROUP ACCESS ===> YES SPECIAL ===> YES
ADSP ===> NO OPERATIONS ===> YES
OIDCARD ===> NO AUDITOR ===> NO
NO-PASSWORD ===> NO RESTRICTED ===> NO
IDENTIFY THE MODEL PROFILE FOR USER DATA SETS (OPTIONAL):
MODEL PROFILE ===>
TO CREATE THE FOLLOWING, ENTER YES (OPTIONAL):
A GENERIC DATA SET PROFILE ===> YES
A MINIDISK PROFILE ===> NO
TO ADD OPTIONAL INFORMATION, ENTER YES ===> yes
We select the option - / TSO PARAMETERS
RACF - ADD USER MASTER
COMMAND ===>
To ADD the following information, enter any character:
_ CLASS AUTHORITY _ NDS PARAMETERS
_ INSTALLATION DATA _ KERB PARAMETERS
_ GROUP AUTHORITY _ LDAP PROXY PARAMETERS
_ SECURITY LEVEL or CATEGORIES _ ENTERPRISE IDENTITY MAPPING
_ SECURITY LABEL _ CSDATA PARAMETERS
_ LOGON RESTRICTIONS
_ NATIONAL LANGUAGES
_ DFP PARAMETERS
/ TSO PARAMETERS
_ OPERPARM PARAMETERS
_ CICS PARAMETERS
_ WORK ATTRIBUTES
_ OMVS PARAMETERS
_ NETVIEW PARAMETERS
_ DCE PARAMETERS
_ OVM PARAMETERS
_ LNOTES PARAMETERS
We enter these defaults
RACF - ADD USER MASTER
TSO-RELATED INFORMATION
COMMAND ===>
ENTER THE FOLLOWING TSO-RELATED INFORMATION:
JOB CLASS ===>
MESSAGE CLASS ===>
HOLD CLASS ===>
SYSOUT CLASS ===>
ACCOUNT NUMBER ===> ACCT#
LOGON PROCEDURE NAME ===> ISPFPROC
REGION SIZE ===>
UNIT ===>
DESTINATION ID ===>
MAXIMUM REGION SIZE ===>
USER DATA ===>
LOGON SECURITY LABEL ===>
COMMAND ===> ISPF
===>
Done
RACF - USER PROFILE SERVICES Profile changed
OPTION ===>
SELECT ONE OF THE FOLLOWING:
1 ADD Add a user profile
2 CHANGE Change a user profile
3 DELETE Delete a user profile
4 PASSWORD Change your own password and related information
5 AUDIT Monitor user activity (Auditors only)
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION:
USER ===> TSSUSER Userid
Press PF3 to exit - our work here is almost finished, but not yet. After saving the previous work, we need to go back to the main RACF panel. Once there, we open the "GROUP PROFILES AND USER-TO-GROUP CONNECTIONS" panel, option 3
RACF - SERVICES OPTION MENU
OPTION ===> 3
SELECT ONE OF THE FOLLOWING:
1 DATA SET PROFILES
2 GENERAL RESOURCE PROFILES
3 GROUP PROFILES AND USER-TO-GROUP CONNECTIONS
4 USER PROFILES AND YOUR OWN PASSWORD
5 SYSTEM OPTIONS
6 REMOTE SHARING FACILITY
7 DIGITAL CERTIFICATES, KEY RINGS, AND TOKENS
99 EXIT
Licensed Materials - Property of IBM
5647-A01 (C) Copyright IBM Corp. 1983, 2000
All Rights Reserved - U.S. Government Users
Restricted Rights, Use, Duplication or Disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
On this panel you can create, change, connect or even remove a z/OS group. We want to connect the new TSO users to their specific system groups.
RACF - GROUP PROFILE SERVICES
OPTION ===> 4
SELECT ONE OF THE FOLLOWING.
1 ADD Add a group profile
2 CHANGE Change a group profile
3 DELETE Delete a group profile
4 CONNECT Add or change a user connection
5 REMOVE Remove users from the group
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION.
GROUP NAME ===>
The first group is named "sys1", the second "sysctlg" and the last "vsamdset". To actually add the new TSO user, follow these steps:
Group SYS1
RACF - GROUP PROFILE SERVICES
OPTION ===> 4
SELECT ONE OF THE FOLLOWING.
1 ADD Add a group profile
2 CHANGE Change a group profile
3 DELETE Delete a group profile
4 CONNECT Add or change a user connection
5 REMOVE Remove users from the group
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION.
GROUP NAME ===> SYS1
Let's enter these settings
RACF - ADD OR CHANGE CONNECTION TO SYS1
COMMAND ===>
IDENTIFY THE USER:
USER ===> tssuser Userid
ENTER THE CONNECTION INFORMATION TO BE ADDED OR CHANGED:
OWNER ===> IBMUSER Userid or group name
DEFAULT UACC ===> READ NONE, READ, UPDATE,
CONTROL, or ALTER
GROUP AUTHORITY ===> JOIN USE, CREATE, CONNECT,
or JOIN
Press ENTER to continue.
We enter these options
RACF - ADD OR CHANGE CONNECTION TO SYS1
COMMAND ===>
TO ALLOW USER ATTRIBUTES, ENTER YES
TO DENY USER ATTRIBUTES, ENTER NO
GROUP ACCESS ===> YES Allow the group to access new group
data sets
ADSP ===> Create discrete profiles for new
permanent data sets
REVOKE ===> YES, NO, mm/dd/yy (date), or blank
RESUME ===> YES, NO, mm/dd/yy (date), or blank
SPECIAL ===> YES Grant group-SPECIAL attribute
OPERATIONS ===> YES Grant group-OPERATIONS attribute
AUDITOR ===> Grant group-AUDITOR attribute
Done
RACF - GROUP PROFILE SERVICES USER CONNECTED
OPTION ===>
SELECT ONE OF THE FOLLOWING.
1 ADD Add a group profile
2 CHANGE Change a group profile
3 DELETE Delete a group profile
4 CONNECT Add or change a user connection
5 REMOVE Remove users from the group
D or 8 DISPLAY Display profile contents
S or 9 SEARCH Search the RACF data base for profiles
ENTER THE FOLLOWING INFORMATION.
GROUP NAME ===> SYS1
That was for the "sys1" group; repeat the previous steps for the other two groups. After these steps the new TSO user is almost ready to use, but there is one more thing to do:
Menu Utilities Compilers Options Status Help
--------------------------------------------------------------------------------
ISPF Primary Option Menu
Option ===> 6
0 Settings Terminal and user parameters User ID . : IBMUSER
1 View Display source data or listings Time. . . : 08:46
2 Edit Create or change source data Terminal. : 3278
3 Utilities Perform utility functions Screen. . : 1
4 Foreground Interactive language processing Language. : ENGLISH
5 Batch Submit job for language processing Appl ID . : ISR
6 Command Enter TSO or Workstation commands TSO logon : ISPFPROC
7 Dialog Test Perform dialog testing TSO prefix:
9 IBM Products IBM program development products System ID : ADCD
10 SCLM SW Configuration Library Manager MVS acct. : ACCT#
11 Workplace ISPF Object/Action Workplace Release . : ISPF 6.0
M More Additional IBM Products
Enter X to Terminate using log/list defaults
After opening the command line in z/OS, enter these commands one after another. You can simply type each one and press Enter.
pe acct# class(acctnum) id(TSSUSER) access(read)
pe acct class(tsoauth) id(TSSUSER) access(read)
pe jcl class(tsoauth) id(TSSUSER) access(read)
pe oper class(tsoauth) id(TSSUSER) access(read)
Executed successfully
Menu List Mode Functions Utilities Help
--------------------------------------------------------------------------------
ISPF Command Shell
Enter TSO or Workstation commands below:
===>
Place cursor on choice and press enter to Retrieve command
=> pe oper class(tsoauth) id(TSSUSER) access(read)
=> pe jcl class(tsoauth) id(TSSUSER) access(read)
=> pe acct class(tsoauth) id(TSSUSER) access(read)
=> pe acct# class(acctnum) id(TSSUSER) access(read)
=> pe acct# class(acctnum) id(CSA) access(read)
=> DELUSER master
=> DELDSD master.*
=> SETROPTS GENERIC(DATASET) REFRESH
=> LISTDSD DA(MASTER.*) GENERIC
=> makesite hlq=tcpip
After this point the new TSO user is fully set up and working. The last thing to do is test the user by trying to log on:
z/OS Z110 Level 0809 IP Address =
VTAM Terminal = LCL702
Application Developer System
// OOOOOOO SSSSS
// OO OO SS
zzzzzz // OO OO SS
zz // OO OO SSSS
zz // OO OO SS
zz // OO OO SS
zzzzzz // OOOOOOO SSSS
System Customization - ADCD.Z110.*
===> Enter "LOGON" followed by the TSO userid. Example "LOGON IBMUSER" or
===> Enter L followed by the APPLID
===> Examples: "L TSO", "L CICS", "L IMS3270
l tso
Let's log on with our new user
IKJ56700A ENTER USERID -
tssuser
------------------------------- TSO/E LOGON -----------------------------------
Enter LOGON parameters below: RACF LOGON parameters:
Userid ===> TSSUSER
Password ===> sys1 New Password ===>
Procedure ===> ISPFPROC Group Ident ===>
Acct Nmbr ===> ACCT#
Size ===>
Perform ===>
Command ===> ISPF
Enter an 'S' before each option desired below:
-Nomail -Nonotice -Reconnect -OIDcard
PF1/PF13 ==> Help PF3/PF15 ==> Logoff PA1 ==> Attention PA2 ==> Reshow
You may request specific help information by entering a '?' in any entry field
You can see that it says "CURRENT PASSWORD HAS EXPIRED - PLEASE ENTER NEW PASSWORD". In this case, just type a new password for the user "TSSUSER".
------------------------------- TSO/E LOGON -----------------------------------
IKJ56415I CURRENT PASSWORD HAS EXPIRED - PLEASE ENTER NEW PASSWORD
IKJ56429A REENTER -
Enter LOGON parameters below: RACF LOGON parameters:
Userid ===> TSSUSER
Password ===> *New Password ===> ibmuser
Procedure ===> ISPFPROC Group Ident ===>
Acct Nmbr ===> ACCT#
Size ===>
Perform ===>
Command ===> ISPF
Enter an 'S' before each option desired below:
-Nomail -Nonotice -Reconnect -OIDcard
PF1/PF13 ==> Help PF3/PF15 ==> Logoff PA1 ==> Attention PA2 ==> Reshow
You may request specific help information by entering a '?' in any entry field
You can see that it says "IKJ56447A Reenter the new password in the NEW PASSWORD field for verification". In this case, just type the new password again for the user "TSSUSER". After re-entering the new password:
------------------------------- TSO/E LOGON -----------------------------------
IKJ56447A Reenter the new password in the NEW PASSWORD field for verification
Enter LOGON parameters below: RACF LOGON parameters:
Userid ===> TSSUSER
Password ===> *New Password ===> ibmuser
Procedure ===> ISPFPROC Group Ident ===>
Acct Nmbr ===> ACCT#
Size ===>
Perform ===>
Command ===> ISPF
Enter an 'S' before each option desired below:
-Nomail -Nonotice -Reconnect -OIDcard
PF1/PF13 ==> Help PF3/PF15 ==> Logoff PA1 ==> Attention PA2 ==> Reshow
You may request specific help information by entering a '?' in any entry field
We are logged on
ICH70001I TSSUSER LAST ACCESS AT 09:05:03 ON THURSDAY, MAY 16, 2024
***
We are logged on
TSSUSER LOGON IN PROGRESS AT 09:08:11 ON MAY 16, 2024
NO BROADCAST MESSAGES
*****************************************************************
* *
* APPLICATION DEVELOPER'S CONTROLLED DISTRIBUTION (ADCD) *
* *
* ADCD.Z110.CLIST(ISPFCL) PRODUCES THIS MESSAGE *
* ADCD.* DATASETS CONTAIN SYSTEM CUSTOMIZATION *
* SMP/E DATASETS CAN BE LOCATED FROM 3.4 WITH DSNAME **.CSI *
* HTTP://DTSC.DFW.IBM.COM/ADCD.HTML CONTAINS DOCUMENTATION *
* *
* USERID PASSWORD COMMENT *
* ---------------- ------------ -------------- *
* IBMUSER - SYS1/IBMUSER FULL AUTHORITY *
* ADCDMST - ADCDMST FULL AUTHORITY *
* ADCDA THRU ADCDZ - TEST LIMITED AUTHORITY(NO OMVS)*
* OPEN1 THRU OPEN3 - SYS1 UID(0) (NO TSO) *
* *
*****************************************************************
ISPF
***
We are logged on
Menu Utilities Compilers Options Status Help
--------------------------------------------------------------------------------
ISPF Primary Option Menu
0 Settings Terminal and user parameters User ID . : TSSUSER
1 View Display source data or listings Time. . . : 09:08
2 Edit Create or change source data Terminal. : 3278
3 Utilities Perform utility functions Screen. . : 1
4 Foreground Interactive language processing Language. : ENGLISH
5 Batch Submit job for language processing Appl ID . : ISR
6 Command Enter TSO or Workstation commands TSO logon : ISPFPROC
7 Dialog Test Perform dialog testing TSO prefix: TSSUSER
9 IBM Products IBM program development products System ID : ADCD
+-----------------------------------------------+r MVS acct. : ACCT#
! Licensed Materials - Property of IBM ! Release . : ISPF 6.0
! 5694-A01 Copyright IBM Corp. 1980, 2008. !
! All rights reserved. !
! US Government Users Restricted Rights - !
! Use, duplication or disclosure restricted !s
! by GSA ADP Schedule Contract with IBM Corp. !
+-----------------------------------------------+
Option ===>
F1=Help F2=Split F3=Exit F7=Backward F8=Forward F9=Swap
F10=Actions F12=Cancel
RACF Command Summary
RACF commands
ADDGROUP (Add group profile)
ADDSD (Add data set profile)
ADDUSER (Add user profile)
ALTDSD (Alter data set profile)
ALTGROUP (Alter group profile)
ALTUSER (Alter user profile)
CONNECT (Connect user to group)
DELDSD (Delete data set profile)
DELGROUP (Delete group profile)
DELUSER (Delete user profile)
DISPLAY (Display signed-on-from list)
HELP (Obtain RACF help)
LISTDSD (List data set profile)
LISTGRP (List group profile)
LISTUSER (List user profile)
PASSWORD or PHRASE (Specify user password or password phrase)
PERMIT (Maintain resource access lists)
RACDCERT (Manage RACF digital certificates)
RACLINK (Administer user ID associations)
RACMAP (Create, delete, list, or query a distributed identity filter)
RACPRIV (Set write-down privileges)
RACPRMCK (Validate parmlib member syntax)
RALTER (Alter general resource profile)
RDEFINE (Define general resource profile)
RDELETE (Delete general resource profile)
REMOVE (Remove user from group)
RESTART (Restart RACF subsystem functions)
RLIST (List general resource profile)
RVARY (Change status of RACF database)
SEARCH (Search RACF database)
SET
SETROPTS (Set RACF options)
SIGNOFF (Sign off sessions)
STOP (Stop RACF subsystem)
TARGET (Manage RRSF nodes)
Map
+-----------+-----------+-----------+-----------+
|           |           |           |  GENERAL  |
|   USER    |   GROUP   |  DATASET  |  RESOURCE |
+-----------+-----------+-----------+-----------+
| ADDUSER   | ADDGROUP  | ADDSD     | RDEFINE   |
| ALTUSER   | ALTGROUP  | ALTDSD    | RALTER    |
| DELUSER   | DELGROUP  | DELDSD    | RDELETE   |
| LISTUSER  | LISTGRP   | LISTDSD   | RLIST     |
| PASSWORD  |           |           |           |
| PHRASE    |           |           |           |
+-----------+-----------+-----------+-----------+
|        CONNECT        |                       |
|        REMOVE         |        PERMIT         |
+-----------------------+-----------------------+
Commands executed
Reset the password of the user TEXAS
ALU texas RESUME PASS(missa)
P.6
CUSTOMPAC MASTER APPLICATION MENU
OPTION ===> P.6 SCROLL ===> PAGE
USERID - TSSUSER
TIME - 07:59
IS ISMF - Interactive Storage Management Facility
P PDF - ISPF/Program Development Facility
IP IPCS - Interactive Problem Control Facility
DI DITTO - Data Interfile Transfer, Testing and Operations
SD SDSF - System Display and Search Facility
IC ICSF - Integrated Cryptographic Service Facility
HC HCD - Hardware Configuration Definition
BMR BMR READ - BookManager Read (Read Online Documentation)
BMI BMR INDX - BookManager Read (Create Bookshelf Index)
S SORT - DF/SORT Dialogs
OU USER - z/OS ISPF User Options
R RACF - Resource Access Control Facility
OS SUPPORT - z/OS ISPF System Support Options
SM SMP/E - SMP/E Dialogs
TS TSS - TOP SECRET
F1=HELP F2=SPLIT F3=END F4=RETURN F5=RFIND F6=RCHANGE
F7=UP F8=DOWN F9=SWAP F10=LEFT F11=RIGHT F12=RETRIEVE
Resetting the Password
Command to reset the password - ALU TEXAS RESUME PASS(missa)
Menu List Mode Functions Utilities Help
------------------------------------------------------------------------------
ISPF Command Shell
Enter TSO or Workstation commands below:
===> ALU TEXAS RESUME PASS(missa)
Place cursor on choice and press enter to Retrieve command
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
F1=Help F2=Split F3=Exit F7=Backward F8=Forward F9=Swap
F10=Actions F12=Cancel
Displaying the User
LISTUSER userid
Menu List Mode Functions Utilities Help
------------------------------------------------------------------------------
ISPF Command Shell
Enter TSO or Workstation commands below:
===> LISTUSER TEXAS
Place cursor on choice and press enter to Retrieve command
=> LISTUSER TEXAS
=> LISTUSER
=> ALU TEXAS RESUME PASS(missa)
=>
=>
=>
=>
=>
=>
=>
F1=Help F2=Split F3=Exit F7=Backward F8=Forward F9=Swap
F10=Actions F12=Cancel
Result
USER=TEXAS NAME=UNKNOWN OWNER=DEPART CREATED=24.131
DEFAULT-GROUP=DEPART PASSDATE=00.000 PASS-INTERVAL= 30 PHRASEDATE=N/A
ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
LAST-ACCESS=24.135/08:01:59
CLASS AUTHORIZATIONS=NONE
INSTALLATION-DATA=TEXAS
NO-MODEL-NAME
LOGON ALLOWED (DAYS) (TIME)
---------------------------------------------
ANYDAY ANYTIME
GROUP=DPTAB AUTH=USE CONNECT-OWNER=DEPART CONNECT-DATE=24.131
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
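An added example (not part of the original post): a Python parser for LISTUSER output saved as text, flagging what a reviewer would check after the steps above: system-wide and group-level SPECIAL, OPERATIONS and AUDITOR, JOIN or CONNECT group authority, PASSDATE=00.000 and LAST-ACCESS=UNKNOWN. The TEXAS block is copied from the result above; the TSSUSER block is constructed to mirror the YES answers given on the ADD USER and connection panels, and the function names are hypothetical.

```python
import re

PRIVILEGED = {"SPECIAL", "OPERATIONS", "AUDITOR"}

# TEXAS block: copied from the LISTUSER result above.
# TSSUSER block: constructed for this example, mirroring the YES answers on the
# ADD USER and connection panels (SPECIAL, OPERATIONS, GROUP ACCESS, JOIN).
SAMPLE = """\
USER=TEXAS NAME=UNKNOWN OWNER=DEPART CREATED=24.131
DEFAULT-GROUP=DEPART PASSDATE=00.000 PASS-INTERVAL= 30 PHRASEDATE=N/A
ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
LAST-ACCESS=24.135/08:01:59
CLASS AUTHORIZATIONS=NONE
INSTALLATION-DATA=TEXAS
GROUP=DPTAB AUTH=USE CONNECT-OWNER=DEPART CONNECT-DATE=24.131
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
USER=TSSUSER NAME=CSA OWNER=IBMUSER CREATED=24.137
DEFAULT-GROUP=SYS1 PASSDATE=24.137 PASS-INTERVAL= 30 PHRASEDATE=N/A
ATTRIBUTES=SPECIAL OPERATIONS GRPACC
LAST-ACCESS=24.137/09:05:03
GROUP=SYS1 AUTH=JOIN CONNECT-OWNER=IBMUSER CONNECT-DATE=24.137
CONNECTS= 02 UACC=READ LAST-CONNECT=24.137/09:05:03
CONNECT ATTRIBUTES=SPECIAL OPERATIONS GRPACC
"""


def _attrs(line):
    """Attribute words after '=', with the NONE placeholder dropped."""
    return {w for w in line.split("=", 1)[1].split() if w != "NONE"}


def parse_listuser(text):
    """Split LISTUSER output into one record per USER= block."""
    users, user, conn = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("USER="):
            user = {"fields": {}, "attributes": set(), "connects": []}
            users.append(user)
            conn = None
        if user is None or line.startswith("INSTALLATION-DATA="):
            continue  # free-text field: never parse it as KEY=VALUE pairs
        if line.startswith("SECURITY-"):
            conn = None  # trailer lines belong to the user, not the last group
        if line.startswith("GROUP="):
            conn = {"fields": {}, "attributes": set()}
            user["connects"].append(conn)
        if line.startswith("CONNECT ATTRIBUTES=") and conn is not None:
            conn["attributes"] |= _attrs(line)
            continue
        if line.startswith("ATTRIBUTES="):
            user["attributes"] |= _attrs(line)  # tolerates repeated lines
            continue
        target = conn["fields"] if conn is not None else user["fields"]
        for key, value in re.findall(r"([A-Z][A-Z-]*)=\s*(\S+)", line):
            target[key] = value
    return users


def audit_users(users):
    """Return (userid, finding) pairs for each parsed user record."""
    findings = []
    for u in users:
        uid = u["fields"].get("USER", "?")
        for attr in sorted(u["attributes"] & PRIVILEGED):
            findings.append((uid, f"system-wide {attr}"))
        for c in u["connects"]:
            grp = c["fields"].get("GROUP", "?")
            for attr in sorted(c["attributes"] & PRIVILEGED):
                findings.append((uid, f"group-{attr} in {grp}"))
            if c["fields"].get("AUTH") in ("JOIN", "CONNECT"):
                findings.append((uid, f"{c['fields']['AUTH']} authority in {grp}"))
        if u["fields"].get("PASSDATE") == "00.000":
            findings.append((uid, "password not changed since it was last set or reset"))
        if u["fields"].get("LAST-ACCESS") == "UNKNOWN":
            findings.append((uid, "never logged on"))
    return findings


if __name__ == "__main__":
    for uid, message in audit_users(parse_listuser(SAMPLE)):
        print(f"{uid:8} {message}")
```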
SETROPTS LIST
Displaying the SETROPTS options
Menu List Mode Functions Utilities Help
------------------------------------------------------------------------------
ISPF Command Shell
Enter TSO or Workstation commands below:
===> SETROPTS LIST
Place cursor on choice and press enter to Retrieve command
=> SETROPTS LIST
=> LISTDSD DATASET('cpac' ) ALL GENERIC
=> LISTDSD DATASET('sys1' ) ALL GENERIC
=> LISTUSER
=> LISTDSD DATASET('cpac') ALL
=> LISTDSD DATASET('ibm') ALL
=> LISTDSD DATASET('ibm') ALL
=>
=>
=>
F1=Help F2=Split F3=Exit F7=Backward F8=Forward F9=Swap
F10=Actions F12=Cancel
Result
ATTRIBUTES = INITSTATS NOWHEN(PROGRAM)
STATISTICS = NONE
ACTIVE CLASSES = DATASET USER GROUP ACCTNUM JESJOBS TSOAUTH TSOPROC
GENERIC PROFILE CLASSES = DATASET JESJOBS STARTED TSOAUTH
GENERIC COMMAND CLASSES = DATASET ACCTNUM JESJOBS STARTED TSOAUTH
GENLIST CLASSES = NONE
GLOBAL CHECKING CLASSES = NONE
SETR RACLIST CLASSES = NONE
GLOBAL=YES RACLIST ONLY = NONE
AUTOMATIC DATASET PROTECTION IS IN EFFECT
ENHANCED GENERIC NAMING IS IN EFFECT
REAL DATA SET NAMES OPTION IS INACTIVE
JES-BATCHALLRACF OPTION IS INACTIVE
JES-XBMALLRACF OPTION IS INACTIVE
JES-EARLYVERIFY OPTION IS INACTIVE
PROTECT-ALL IS ACTIVE, CURRENT OPTIONS:
PROTECT-ALL WARNING OPTION IS IN EFFECT
TAPE DATA SET PROTECTION IS INACTIVE
SECURITY RETENTION PERIOD IN EFFECT IS 0 DAYS.
ERASE-ON-SCRATCH IS INACTIVE
SINGLE LEVEL NAMES NOT ALLOWED
LIST OF GROUPS ACCESS CHECKING IS INACTIVE.
INACTIVE USERIDS ARE NOT BEING AUTOMATICALLY REVOKED.
NO DATA SET MODELLING BEING DONE.
PASSWORD PROCESSING OPTIONS:
PASSWORD CHANGE INTERVAL IS 30 DAYS.
PASSWORD MINIMUM CHANGE INTERVAL IS 0 DAYS.
MIXED CASE PASSWORD SUPPORT IS NOT IN EFFECT
3 GENERATIONS OF PREVIOUS PASSWORDS BEING MAINTAINED.
AFTER 3 CONSECUTIVE UNSUCCESSFUL PASSWORD ATTEMPTS,
A USERID WILL BE REVOKED.
PASSWORD EXPIRATION WARNING LEVEL IS 3 DAYS.
INSTALLATION PASSWORD SYNTAX RULES:
RULE 1 LENGTH(4:8) ********
LEGEND:
A-ALPHA C-CONSONANT L-ALPHANUM N-NUMERIC V-VOWEL W-NOVOWEL *-ANYTHING
c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL $-NATIONAL
DEFAULT RVARY PASSWORD IS IN EFFECT FOR THE SWITCH FUNCTION.
DEFAULT RVARY PASSWORD IS IN EFFECT FOR THE STATUS FUNCTION.
SECLABEL CONTROL IS NOT IN EFFECT
GENERIC OWNER ONLY IS NOT IN EFFECT
COMPATIBILITY MODE IS NOT IN EFFECT
MULTI-LEVEL QUIET IS NOT IN EFFECT
MULTI-LEVEL STABLE IS NOT IN EFFECT
NO WRITE-DOWN IS NOT IN EFFECT
MULTI-LEVEL ACTIVE IS NOT IN EFFECT
CATALOGUED DATA SETS ONLY, IS NOT IN EFFECT
USER-ID FOR JES NJEUSERID IS : ????????
USER-ID FOR JES UNDEFINEDUSER IS : ++++++++
PARTNER LU-VERIFICATION SESSIONKEY INTERVAL MAXIMUM/DEFAULT IS 30 DAYS.
ADDCREATOR IS NOT IN EFFECT
KERBLVL = 0
MULTI-LEVEL FILE SYSTEM IS NOT IN EFFECT
MULTI-LEVEL INTERPROCESS COMMUNICATIONS IS NOT IN EFFECT
MULTI-LEVEL NAME HIDING IS NOT IN EFFECT
SECURITY LABEL BY SYSTEM IS NOT IN EFFECT
PRIMARY LANGUAGE DEFAULT : ENU
SECONDARY LANGUAGE DEFAULT : ENU
***
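An added example (not part of the original post): a Python check that reads SETROPTS LIST output saved as text and reports the password and protection settings a reviewer would question. The input lines are copied from the result above; the thresholds in BASELINE and the function names are assumptions made for this example.

```python
import re

# Lines copied from the SETROPTS LIST result above (protection and password options).
SETROPTS_OUTPUT = """\
PROTECT-ALL IS ACTIVE, CURRENT OPTIONS:
PROTECT-ALL WARNING OPTION IS IN EFFECT
ERASE-ON-SCRATCH IS INACTIVE
INACTIVE USERIDS ARE NOT BEING AUTOMATICALLY REVOKED.
PASSWORD PROCESSING OPTIONS:
PASSWORD CHANGE INTERVAL IS 30 DAYS.
PASSWORD MINIMUM CHANGE INTERVAL IS 0 DAYS.
MIXED CASE PASSWORD SUPPORT IS NOT IN EFFECT
3 GENERATIONS OF PREVIOUS PASSWORDS BEING MAINTAINED.
AFTER 3 CONSECUTIVE UNSUCCESSFUL PASSWORD ATTEMPTS,
A USERID WILL BE REVOKED.
PASSWORD EXPIRATION WARNING LEVEL IS 3 DAYS.
INSTALLATION PASSWORD SYNTAX RULES:
RULE 1 LENGTH(4:8) ********
DEFAULT RVARY PASSWORD IS IN EFFECT FOR THE SWITCH FUNCTION.
DEFAULT RVARY PASSWORD IS IN EFFECT FOR THE STATUS FUNCTION.
"""

# Assumed review baseline, chosen for this example; substitute your own standard.
BASELINE = {"min_length": 8, "min_history": 5, "max_attempts": 5, "max_interval": 90}

# Status lines that count as findings whenever they appear verbatim.
FLAG_LINES = {
    "MIXED CASE PASSWORD SUPPORT IS NOT IN EFFECT":
        "mixed-case passwords are not enabled",
    "PROTECT-ALL WARNING OPTION IS IN EFFECT":
        "PROTECT-ALL is in warning mode",
    "INACTIVE USERIDS ARE NOT BEING AUTOMATICALLY REVOKED":
        "inactive user IDs are not revoked automatically",
    "ERASE-ON-SCRATCH IS INACTIVE":
        "erase-on-scratch is inactive",
}


def parse_setropts(text):
    """Extract the numeric password options, syntax rules and status flags."""
    opts = {"rules": [], "rvary_default": [], "flags": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"PASSWORD CHANGE INTERVAL IS (\d+) DAYS", line):
            opts["interval"] = int(m[1])
        elif m := re.match(r"(\d+) GENERATIONS OF PREVIOUS PASSWORDS", line):
            opts["history"] = int(m[1])
        elif m := re.match(r"AFTER (\d+) CONSECUTIVE UNSUCCESSFUL", line):
            opts["attempts"] = int(m[1])
        elif m := re.match(r"RULE (\d+) LENGTH\((\d+)(?::(\d+))?\)\s+(\S+)", line):
            opts["rules"].append({"rule": int(m[1]), "min": int(m[2]),
                                  "max": int(m[3] or m[2]), "mask": m[4]})
        elif m := re.match(r"DEFAULT RVARY PASSWORD IS IN EFFECT FOR THE (\w+)", line):
            opts["rvary_default"].append(m[1])
        elif line.rstrip(".") in FLAG_LINES:
            opts["flags"].append(FLAG_LINES[line.rstrip(".")])
    return opts


def audit_setropts(opts, baseline=BASELINE):
    """Compare parsed options with the baseline; a missing line counts as unset."""
    findings = list(opts["flags"])
    for r in opts["rules"]:
        if r["min"] < baseline["min_length"]:
            findings.append(f"rule {r['rule']} accepts {r['min']}-character passwords")
        if set(r["mask"]) == {"*"}:  # '*' is ANYTHING in the legend
            findings.append(f"rule {r['rule']} puts no constraint on content")
    if not opts["rules"]:
        findings.append("no password syntax rule found")
    if opts.get("history", 0) < baseline["min_history"]:
        findings.append(f"only {opts.get('history', 0)} previous passwords remembered")
    attempts = opts.get("attempts")
    if attempts is None or attempts > baseline["max_attempts"]:
        findings.append("no revoke after failed attempts, or threshold too high")
    interval = opts.get("interval")
    if interval is None or interval > baseline["max_interval"]:
        findings.append("password change interval missing or too long")
    if opts["rvary_default"]:
        findings.append("default RVARY password in effect for "
                        + ", ".join(opts["rvary_default"]))
    return findings


if __name__ == "__main__":
    for finding in audit_setropts(parse_setropts(SETROPTS_OUTPUT)):
        print("-", finding)
```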
Creating a User via a Job
An example of how to create a user via a job so that the user can access TSO
//AAFSNATC JOB (AAFA,DIBD),CLAU,CLASS=S,MSGCLASS=A
//* --------------------------------------------------------------
//* CREATING A USER IN RACF
//* --------------------------------------------------------------
//S0 EXEC PGM=IKJEFT01,DYNAMNBR=75,TIME=100,REGION=6M
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTERM DD DUMMY
//SYSUADS DD DSN=SYS1.UADS,DISP=SHR
//SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR
//SYSTSIN DD *
DELUSER MASTER
ADDUSER MASTER +
NAME('MESTRE') +
OWNER(IBMUSER) +
PASSWORD(INITPW) +
TSO( +
ACCTNUM(ACCT#) +
PROC(ISPFPROC) +
COMMAND(ISPF) +
JOBCLASS(A) +
MSGCLASS(X) +
HOLDCLASS(X) +
SYSOUTCLASS(X) +
SIZE(40000) +
MAXSIZE(0) ) +
OMVS(HOME('/HOME/MASTER') +
PROGRAM('/bin/sh') +
UID(512) )
PERMIT JCL CLASS(TSOAUTH) ID(MASTER ) ACCESS(READ)
PERMIT OPER CLASS(TSOAUTH) ID(MASTER ) ACCESS(READ)
PERMIT ACCT# CLASS(ACCTNUM) ID(MASTER ) ACCESS(READ)
PERMIT ISPFPROC CLASS(TSOPROC) ID(MASTER ) ACCESS(READ)
SETROPTS REFRESH RACLIST(TSOPROC)
SETROPTS REFRESH RACLIST(TSOAUTH)
SETROPTS REFRESH RACLIST(ACCTNUM)





