IBM Security zSecure, Version 2.2.1


IBM® Security zSecure™ Admin and IBM Security zSecure Audit for RACF are two distinct but complementary products that you can use to administer and audit RACF® systems.

zSecure Admin provides RACF management and administration at the system, group, and individual levels along with RACF command generation. zSecure Audit provides RACF and z/OS® monitoring, Systems Management Facility (SMF) reporting, z/OS integrity checking, change tracking, and library change detection. Both products provide displaying, reporting and verifying functionality for RACF profiles and show the z/OS tables that describe the Trusted Computing Base (TCB). Figure 1 shows the functionality available in each product and shows the complementary functionality that is provided in both products.

zSecure Admin and zSecure Audit for RACF are licensed individually, but can be used together.
Figure 1. zSecure Admin and zSecure Audit product functions
Illustration showing the overlapping functionality

The primary processing programs are large modules that can be used in batch or interactive mode. Interactive mode is most common, although batch mode can be useful for automated, periodic checks and for producing daily reports.

zSecure Admin and zSecure Audit provide an interactive user interface that is implemented in ISPF by using the panel, skeleton, and message libraries that are supplied with zSecure. ISPF is the main program that runs during an interactive session, calling the zSecure application program as needed. The interactive panels call the CKRCARLA load module as needed.

Figure 2 illustrates the general data flow for zSecure Admin and zSecure Audit. The user works through ISPF panels, which generate commands that are sent to the CKRCARLA program. The program returns results that are displayed through ISPF panels.
Figure 2. Conceptual data flow
Conceptual data flow for Tivoli zSecure Admin and Audit for RACF
This general design, with separate interactive and noninteractive components, has several practical advantages:
  • It separates interactive interfaces from the application program. This separation gives you more flexibility in designing and using the interfaces and programs, especially when you customize the ISPF interface.
  • Any functions that can be run interactively can also be run in batch mode.
  • zSecure Admin and zSecure Audit for RACF can create customized reports by using the CARLa Auditing and Reporting Language (CARLa) and run these reports from the ISPF panels.
  • The products can be used remotely in cases where a TSO connection is not possible or practical, in NJE networks, for example.