Responsibilities of the Implementation Team

Some of the responsibilities that might be assigned to the implementation team are:
  • Defining RACF® security objectives
  • Deciding what to protect and how to report attempted violations
  • Establishing resource ownership structures
  • Developing the RACF implementation plan and installing RACF
  • Educating all users of the RACF-protected system

A typical list of implementation team members and their responsibilities is shown in Table 1.

Table 1. Participants of the Implementation Team
| User Type | Responsibility |
|---|---|
| Security Administrator | As security administrator, you have overall responsibility for RACF implementation. It is your job to ensure that the work of the implementation team is consistent with good security practice and in line with the security policy established earlier. (For example, on z/VM® systems, you will need to have someone look at what security is currently defined in the z/VM directory and decide if that security is sufficient for your needs under RACF.) In addition, you or your delegate administrators should be responsible for educating the installation users about how RACF will be implemented. (That is, will there be a grace period before the new security procedures take effect? How will the implementation of RACF affect the day-to-day responsibilities of each user?) |
| Technical Support Person | The technical support person is normally a system programmer who installs RACF and maintains the RACF database. This person has overall responsibility for the programming aspects of system protection and provides technical input on the feasibility of implementing various aspects of the implementation plan. In addition, the technical support person writes, installs, and tests RACF exit routines, if they are required. If your installation has both z/OS® and z/VM and you are using RACF on both systems, you should ensure that technical personnel and other representatives of both systems are members of the implementation team. For more information, see z/VM: RACF Security Server System Programmer's Guide. |
| Auditor | The auditor provides guidance on good auditing practice as it relates to data security and user access. This person implements the necessary RACF logging and reporting options to provide an effective audit of security measures. For more information on the auditor's duties, see z/VM: RACF Security Server Auditor's Guide. This publication outlines the procedures that a system auditor should follow and describes the RACF report writer and the data security monitor. |
| User Representative | The user representative should be a prospective group administrator who represents a major application area—perhaps a user support services or liaison function. |
| Other Users | Other users might be considered as members of the implementation team if appropriate. For example, on z/VM systems, the system administrator, an RSCS system programmer, or a PSF system programmer. |

The rest of this chapter discusses some of the major responsibilities of the security implementation team.