The System Authorization Facility (SAF) is used by z/OS and compatible sites to provide rigorous control of the resources available to a user or group of users. Security packages such as RACF, CA-ACF2, and CA-Top Secret allow the system administrator:
to maintain user identification credentials such as User ID and password; and
to establish profiles determining the datasets, storage volumes, transactions, and reports available to a user.
The resulting security repository and the infrastructure to administer it represent a significant investment. At the same time, the volume of critical information held by a business is constantly growing, as is the number of users referencing the data. The challenge of controlling these ever-increasing accesses requires a solution that is flexible, easy to implement and, above all, one that safeguards the company's investment.
NETSAF (product code WAF) is a separate product for z/OS environments which provides point of access verification for incoming requests.
Refer to Entire Net-Work SAF Security Interface (NETSAF) for more information.
Adabas SAF Security (product code AAF) is a separate product for z/OS environments which enhances the scope of SAF-based security packages by integrating Adabas and Entire Net-Work resources into the central security repository.
With Entire Net-Work version 6.5 SP2 or above, and in conjunction with Adabas SAF Security, the following security-related facilities are available:
Note:
The pre-requisites for providing this protection are:
Adabas version 8.5 SP2 or above
Adabas Limited Library (WAL) version 8.5 SP2 or above
Adabas SAF Security version 8.2 SP2 Patch level 2 or above
Entire Net-Work start-up can be protected by defining appropriate resource profiles denoting Target ID and SVC number.
Refer to the Operations section of the Adabas SAF Security documentation for more information on this topic including the format of the resource names used.
Entire Net-Work administration functions can be protected ensuring unauthorized use of such functions is not permitted.
For example, a user or group may be allowed to use the
DISPLAY command to display current information about a
network component but disallowed from using the SET command
to dynamically change parameter settings.
Refer to the Operations section of the Adabas SAF Security documentation for more information on this topic including the list of applicable administration functions and the format of the resource names used.
This protection is available for operator commands issued from both the console and the Programmable Command Interface (PCI).