Tivoli zSecure helps adjust RACF permissions for greater security
With the last few releases of the Tivoli zSecure suite, IBM has literally introduced game-changing characteristics to mainframe security.
zSecure release 1.9.1, back in 2008, added a capability known as Resource Access Control Facility (RACF) Offline. The primary benefit is testing the syntax of RACF commands to ensure they run properly when issued on a production environment. Testing RACF commands prior to issuing them has traditionally been an almost impossible task in z/OS environments. The only truly successful method has been to completely replicate the production security system in a non-production environment, something that most customers shy away from for simple cost and management overhead reasons.
This capability to test large numbers of RACF commands intended to be issued in batch is vital during large RACF change programs or database merges. This process is an essential part of any complete z/OS security management solution, however not something most customers need to do every day.
We’ll see, though, how RACF Offline is going to provide an essential piece of the z/OS RACF security puzzle in solving even more pernicious z/OS security management issues.