
List:       racf-l
Subject:    Re: RACF DB Migration Questions
From:       "Warnick, Sherry" <swarv () ALLSTATE ! COM>
Date:       2023-04-18 15:55:40
Message-ID: BY3PR13MB4817C49A015F0D1A6D96F902C29D9 () BY3PR13MB4817 ! namprd13 ! prod ! outlook ! com

Hi KB, 

My apologies for the delay in responding. Thank you for the information. 😊

Thanks,
Sherry 

Sherry Warnick
Mainframe Security
p: 330-656-6774
e: swarv@allstate.com

-----Original Message-----
From: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU> On Behalf Of kekronbekron
Sent: Tuesday, April 11, 2023 10:13 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: [External] Re: RACF DB Migration Questions

Hi Sherry,

There's an old utility that may help double/triple check things - DBSYNC.
https://github.com/IBM/IBM-Z-zOS/blob/main/zOS-RACF/Downloads/readme.md


Look for the folder 'dbsync' and 'dbsync.doc.txt' here - https://public.dhe.ibm.com/eserver/zseries/zos/racf/


It should also be worth checking if ICHRIN03 and Class Descriptor Table (CDT) match.
IRRDBU00 offload (which won't contain sensitive info) from both places can be used to further analyse the differences (after heavy selection/filtering). Also, certificates!

Will also be worth reviewing related content from the legendary RSH - https://rshconsulting.com/racfres.htm


- KB

------- Original Message -------
On Tuesday, April 11th, 2023 at 10:25 PM, Warnick, Sherry <swarv@ALLSTATE.COM> wrote:


> Hello Folks,
> 
> I'm hoping to get any advice you may have regarding migrating/merging RACF DBs.
> 
> For reference, we currently have 5 different RACF databases in place to in part accommodate different physical datacenters as well as separation of Sandbox/Development systems. 4 of these are regularly kept in sync/updated and are working perfectly.
>
> The 5th database has 2 LPARs (1 Test & 1 Prod) and was handled by a separate team entirely that we are bringing into one of the above 4 to keep better in sync for RACF compliance, new capabilities, auditing, and other benefits. The Test LPAR will be migrated 1st during a regularly scheduled IPL and will be up/running in the new DB for approximately 1 month before migrating the Prod LPAR during its regularly scheduled IPL. This should give us enough time to catch any ICH408I errors we presume will pop up and complete thorough testing.
>
> We're pretty comfortable that we have done everything we can to prepare to make this seamless, but as the personnel who have done this in the past have all since retired, we wanted to get 1 last set of advice from our fellow RACF experts.
>
> Anything you can recommend that we should consider prior to this migration?
> 
> Our Configuration Details
>
> All systems are on zOS 2.5 in a SYSPLEX environment
> RRSF is utilized to sync RACF Commands/Accounts
> Data sharing is currently done between 4/5 DBs
> Database alignments/plans:
>
> * Current Databases
>   * GLDB
>   * NBDB
>   * HPDB (sandbox)
>   * BRDB (dev)
>   * CADB - no data sharing in effect
> * Alignments/Command propagation
>   * GLDB <-- --> BRDB sync
>   * NBDB --> HPDB sync
>   * CADB
> * Database migration
>   * CADB moving into GLDB
> 
> Some Actions Already Taken
> 
> * Cleanup obsolete resources/accounts on CADB
> * Move permissions from IDs to Groups to align with standards
> * Align resources defined in both GLDB/CADB (i.e. same ownership, 
> UACC, Auditing, profile naming, etc.)
> * Brought CADB into alignment with existing security protocols (i.e. 
> KDFAES, Password/Passphrase Support, etc.)
> * UID/GID alignment
> 
> Post migration we will be updating our RRSF Parms to incorporate the 2 LPARs that have been brought into the GLDB.
>
> Sherry Warnick
> Mainframe Security
> p: 330-656-6774
> e: swarv@allstate.com
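
The IRRDBU00 comparison suggested in the reply above, as an added example that is not part of either post and is not IBM's or the DBSYNC utility's code: it keys group (0100) and user (0200) basic records from two unloads by profile name and reports what exists on only one side and what differs. The column offsets, the helper names and the sample records are assumptions or constructed values; check the offsets against IBM's IRRDBU00 record layout documentation for your release.

```python
# Added example. Column offsets (1-based, inclusive) are assumptions: verify
# them against IBM's IRRDBU00 record layout documentation for your release.
LAYOUT = {
    "0100": {"name": (6, 13), "owner": (35, 42)},                       # group basic data
    "0200": {"name": (6, 13), "owner": (26, 33), "special": (40, 43)},  # user basic data
}

def index(lines):
    """Map (record type, profile name) -> selected fields; skip other record types."""
    out = {}
    for rec in lines:
        cols = LAYOUT.get(rec[:4])
        if cols is None:
            continue
        vals = {k: rec[s - 1:e].strip() for k, (s, e) in cols.items()}
        out[(rec[:4], vals.pop("name"))] = vals
    return out

def compare(source_lines, target_lines):
    """Report profiles missing on either side and profiles whose fields differ."""
    src, tgt = index(source_lines), index(target_lines)
    both = sorted(src.keys() & tgt.keys())
    return {
        "only_in_source": sorted(src.keys() - tgt.keys()),
        "only_in_target": sorted(tgt.keys() - src.keys()),
        "conflicts": {k: (src[k], tgt[k]) for k in both if src[k] != tgt[k]},
    }

def make(rtype, **cols):
    """Build one constructed fixed-column sample record (not real unload data)."""
    rec = [" "] * 60
    rec[0:4] = rtype
    for k, v in cols.items():
        start = LAYOUT[rtype][k][0] - 1
        rec[start:start + len(v)] = v
    return "".join(rec)

# Constructed sample data standing in for the CADB and GLDB unloads.
CADB = [make("0100", name="CAGRP", owner="SYS1"),
        make("0200", name="APPUSR1", owner="CAGRP", special="NO"),
        make("0200", name="OLDADM", owner="SYS1", special="YES")]
GLDB = [make("0100", name="CAGRP", owner="SYS1"),
        make("0200", name="APPUSR1", owner="GLGRP", special="NO"),
        make("0200", name="GLUSER", owner="SYS1", special="NO")]

if __name__ == "__main__":
    for section, items in compare(CADB, GLDB).items():
        print(section, items)
```

With real unloads, pass two open file objects to compare(); profiles listed under "conflicts" are the ones whose owner or SPECIAL setting would change silently if the target's definition wins after the merge.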

