Technical
The following questions provide technical orientation.
- What RACF® exit routines
are used, and what functions do they perform? The following list
identifies the exits. You can use the DSMON reports to answer this
particular question.
-
- Exit Routine
- Function
- ICHDEX01
- password authentication
- ICHDEX11
- password authentication
- ICHRIX01
- RACROUTE REQUEST=VERIFY preprocessing
- ICHRIX02
- RACROUTE REQUEST=VERIFY postprocessing
- ICHRCX01
- RACROUTE REQUEST=AUTH preprocessing
- ICHRCX02
- RACROUTE REQUEST=AUTH postprocessing
- ICHRDX01
- RACROUTE REQUEST=DEFINE preprocessing
- ICHRDX02
- RACROUTE REQUEST=DEFINE postprocessing
- ICHCCX00
- command preprocessing
- ICHCNX00
- command preprocessing
- ICHRFX01
- RACROUTE REQUEST=FASTAUTH preprocessing
- ICHRFX02
- RACROUTE REQUEST=FASTAUTH postprocessing
- ICHRFX03
- RACROUTE REQUEST=FASTAUTH preprocessing
- ICHRFX04
- RACROUTE REQUEST=FASTAUTH postprocessing
- ICHPWX01
- new password
- ICHPWX11
- new password phrase
- ICHRLX01
- RACROUTE REQUEST=LIST pre/postprocessing
- ICHRLX02
- RACROUTE REQUEST=LIST selection
- ICHRSMFE
- report writer
- IRRACX01
- ACEE compression and expansion
- IRRACX02
- ACEE compression and expansion
- IRREVX01
- command pre/postprocessing
- IRRVAF01
- custom field validation exit
-
- How are the exit routine functions and changes authorized and controlled?
- Who is allowed to update exit routine code (both source and load form)?
- What SETROPTS options are used? Are any important protection or monitoring functions set off?
- Have basic RACF facilities been enhanced, excluding exit routine code?
- How many primary RACF databases are there? You can use the DSMON reports to answer this particular question.
- Does each primary RACF database have a backup on a different volume? You can use the DSMON reports to answer this particular question.
- What other backup facilities exist for RACF databases?
- How is the RACF database synchronized after a restore?
- Are all RACF databases adequately protected, and who has access to them? You can use the DSMON reports to answer this particular question.
- How does the installation control the switching and deactivating of the RACF databases (RVARY command, IPL/database name table)?
- Are any special checks required on the use of PERMIT?
- How are passwords and password phrases protected against disclosure when batch jobs are submitted through internal readers?
- How are restores of entire volumes handled? How are synchronization problems between volumes and the RACF databases resolved?
- What are the RACF class names as defined in the class descriptor table? What are the UACCs associated with these names? Can OPERATIONS users access the resources by default? You can use the DSMON reports to answer this particular question.
- Is there a global access table, and what resources are specified in the table? You can use the DSMON reports to answer this particular question.
- What is in the started procedures table (ICHRIN03), and is the authority of the associated user IDs appropriate? You can use the DSMON reports to answer this particular question.