IBM Z and LinuxONE - IBM Z - Group home

#006 (Statement of direction) SDSF utilization of system authorization facility (SAF) resources for security

By Shigeki Kimura posted Fri September 25, 2020 02:15 AM

  
The following "Statement of direction" has been announced this week.

https://www.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS220-378/index.html&request_locale=en#sodx
IBM z/OS V2.4 3Q 2020 new functions and enhancements
IBM United States Software Announcement 220-378 (September 22, 2020)
Statement of direction

SDSF utilization of system authorization facility (SAF) resources for security
For more than a decade, IBM has been strongly recommending that SDSF security definitions use SAF resources, such as RACF® and other security programs, rather than the SDSF-specific ISFPARMS/ISFPRMxx method. Using SAF has the benefit of placing security controls in the hands of the security administrator, reducing the manual task of reassembly of ISFPARMS during each upgrade, and elimination of maintenance of security definitions outside the external security manager. In the release after z/OS V2.4 IBM plans to require the use of SAF-based security for the SDSF feature. In the case in which a client is using ISFPARMS/ISFPRMxx-based security, there will be a required migration to SAF-based security. The SDSF feature plans migration documentation and tooling to assist in the conversion. In preparation for this removal for those affected, IBM recommends clients start their conversion to SAF-based security on their current z/OS release.

Hope it helps you.
Thanks!
0 comments
30 views