RACF Users' News # 66

March, 2005 Newsletter

Issue No. 66

RACF (part of z/OS Security Server) is a trademark of IBM. This newsletter is not affiliated with IBM in any way.

Free Training for You on Hot Topics

The topics include:

This free training is offered at IBM in NYC at the next meeting of the NYRUG on April 27. See inside for details and how to pre-register.

Today's Proverbs

(Source Unknown) "A Password is like a toothbrush.... it's used daily, must be changed regularly, and you don't share it with others"


"Passwords should be easy to remember, but difficult to guess."

NEW YORK RUG Meeting Dates

Wednesday, April 27, 2005 from 10AM to around 5PM. PLEASE NOTE THIS IS A SPECIAL MEETING WITH DIFFERENT TIMES AND REGISTRATION REQUIRED. THIS IS A LOT OF TRAINING AVAILABLE IN ONE DAY. You will not be allowed to attend without pre-registering (it's free), as described inside. Mark your calendars now. See inside for details. The meeting after that will be in October, probably on a Tuesday. Please note the NYRUG will meet twice a year from now on.


Vanguard Conference on East Coast This Time

It's scheduled for May 8-12, 2005 in Orlando, FL.

From the RACF-L List Server

RACF is bypassed when programs in supervisor state or with protect key zero open VSAM datasets. Such programs can bypass RACF in other ways if they wish. This applies only to VSAM datasets. Not everyone agrees with the design decision (see the thread on the RACF-L), but we think everyone should be aware of it in any case.

To Get a Free Subscription to the RACF User News

Phone Stu at (301) 229-7187 with your request, leaving your name, postal address (sorry, only US postal addresses; others will need to read issues online), and phone. For back issues and articles on topics like the SERVAUTH resource class, check his website: www.stuhenderson.com 

The find Command in USS, Almost as Sexy as SEARCH

If you think the SEARCH command is the sexiest command in all RACF, you're right. And you'll probably want to know about the find command in USS. (The find command is the second sexiest command in USS. The sexiest is named grep, but this is a family publication.) If you are responsible for dataset security in RACF, you should also be responsible for file security in USS. So here are some examples of the find command, followed by a little bit of syntax rules. If you are an auditor, this command will make your audit much easier.

Some Syntax Rules

The find command is followed by a pathname and then some flags. The pathname identifies the starting point for the operation in the USS file directory tree. (This is similar to the directory tree on your Windows computer. Or think of the RACF group tree structure, with a directory named / replacing SYS1 at the top.)

You can recognize the flags because they are preceded by dashes. The flags let you specify one or more conditions to be met for a file to selected by find. To have more than one condition, separate the flags with -a or -o. The -a flag connects the conditions with a logical and. The -o connects them with a logical or. The ! exclamation point means not.

Other conditions include:

Note to Auditors

Which of these would you use in your audit program?

Fantastic Contest

The Henderson Group will award a beautiful prize (a handsome black canvas Henderson Group briefcase) to the winner of this contest. The winner will be the person who submits the coolest example of a way to use the find command in USS. All entries must be received by the Henderson Group by May 31, 2005. Opinion of the judge is final.

Interesting Products

(Please note that it is your responsibility to evaluate any product for yourself. We do not recommend products; we just tell you about ones we think you might find interesting.)

Get Others Comments on Seminars Before You Take Them, Share Your Comments

There is a new website www.trainingreviews.com  that lets people share their comments and evaluations about various training they have taken. We have no association with this site, and pass it along to you for you to evaluate yourself. If you find it useful, please let us know. If you have taken a course and want to share your opinions, let trainingreviews know.

NYRUG (New York RACF Users Group):

Our next meeting is at IBM, 590 Madison Avenue, Room (room 1219). Attendees must present a government issued photo ID to enter the building. Admission is free to hear these great speakers, but you must pre-register by emailing NO LATER THAN NOON APRIL 26, 2005 to Mark Nelson (markan@us.ibm.com) with "NYRUG MEET" in the subject line and your name and company in the body. Pre-registration is highly recommended. Once again, we have some of the best speakers possible on topics you need to learn about. All speakers are from IBM unless otherwise noted. Starting at 10AM: Ending a Little Before 5PM

Starting at 10:00 AM

(Please note that times are approximate and that speakers and topics are subject to revision.)

Time: Wednesday, April 27, 2005 from 10AM to around 5PM.

Place: IBM, 590 Madison Avenue in Room 1219. Attendees must present a photo ID to enter the building and must pre-register in advance.


BWRUG (Baltimore/Washington RUG): Next Meeting

The BWRUG is looking for someone to volunteer a to host a meeting. This should not be a software vendor or a consultant, but someone in an organization that uses RACF and would like to support information sharing. You'll need to provide a meeting room during normal business hours, and perhaps coffee and cookies. We will provide speakers and publicity. Contact Stu if you'd like to make this happen. Sorry, but vendors are not invited to host meetings.

New Free Email Newsletter for Mainframe Auditors
To learn more about the Mainframe Audit News (MA News), check Stu's website: http://www.stuhenderson.com 

HG How to Audit Training Schedule:
The Henderson Group now offers its series of "How to Audit.." seminars for IT auditors. These describe clearly how the associated software works, where the control points are, how to collect and interpret data, and how to conduct the audit. More information is available at our website: www.stuhenderson.com  If you have a class you would like to have added to this series, please let us know. (See info on "RACF and Security" classes below.)

  A)    HG64 How to Audit MVS, RACF, ACF2, CICS, and DB2 ($1450)      
                Nov. 2-4,        2005 in Washington, DC

  B)    HG73 How to Audit CICS ($410)  
                Apl. 28,         2005 in Washington, DC 

  C)    HG74 How to Audit RACF ($820)  
                Apl.  7-8,       2005 in Washington, DC

  D)    HG75 How to Audit MVS ($410)  
                Apl.  29,        2005 in Washington, DC

HG RACF and Security Training Schedule: (Avoid the Price Increase by Attending Before 2006)
The Henderson Group offers its RACF and computer security/audit seminars around the country and on-site too. See the details below or call (301) 229-7187 for a free seminar catalog. For more info or to see what students say about these classes, please go to www.stuhenderson.com . (See info on "How to Audit ..." classes above.)

  1)    HG04 Effective RACF Administration    ($1895 in 2005, $1995 in 2006)  
                May    3-6,              2005 in Washington, DC
                Sept 12-15.,             2005 in New York City
                Feb. 27-Mar. 2,          2006 in Clearwater, FL

  2)    HG05 Advanced RACF Administration  ($1890 in 2005, $1990 in 2006)
                May   24-27,             2005 in Washington, DC
                Sept. 19-22,             2005 in New York City
                Mar.  6-9,               2006 in Clearwater, FL

  3)    HG06 UNIX (USS) for RACF Administrators  ($410 in 2005, $460 in 2006)
                Apl     15,              2005 in Washington, DC
                Sept.   16,              2005 in New York City
                March    3,              2006 in Clearwater, FL

  4)    HG17 Comprehensive z/OS Security (Formerly: How to Be an Effective 
        z/OS or OS/390 (MVS) Data Security Officer) (covers CICS, VTAM, DB2, 
        and JES security along with MVS security, SAF, OS/390, and z/OS)  ($1190)             
                May 18-20,               2005 in Washington, DC

Permanently Interesting Products Column
This column has been permanently moved from this newsletter to Stu's website. You can find it at: www.stuhenderson.com/XINFOTXT.HTM 

RACF User Services (Newsletter Subscriptions / Key Phone Numbers / Addresses)

RACF List Server on the Internet
To join, send E-mail to the administrator for the server. (Don't send it to the server itself or your request will be routed to every subscriber.) For example, if your name is John Smith and you want to subscribe, then send this E-mail:

subscribe racf-l john smith

to the address: listserv@listserv.uga.edu

The reply will include directions on how to get info such as a list of all subscribers, an index to previous comments, and a command summary. You will want to set up a filter for incoming emails to direct mail from the list server to a dedicated folder or directory.

New Free Email Newsletter for Mainframe Auditors
To learn more about the Mainframe Audit News (MA News), check Stu's website at: http://www.stuhenderson.com 

The RACF User News
is published two times a year (December, March, and September) to share information about RACF. All information in it is offered on an "as is" basis, and should be used at your own risk, and with your own testing.

Other Internet places:

Stuart Henderson
(301) 229-7187
5702 Newington Road Bethesda, MD 20816-1282

Copyright ©: 2005, Stuart C. Henderson