[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: RACF DB Migration Questions
From: "Warnick, Sherry" <swarv () ALLSTATE ! COM>
Date: 2023-04-18 15:55:40
Message-ID: BY3PR13MB4817C49A015F0D1A6D96F902C29D9 () BY3PR13MB4817 ! namprd13 ! prod ! outlook ! com
[Download RAW message or body]
Hi KB,
My apologies for the delay in responding. Thank you for the information. 😊
Thanks,
Sherry
Sherry Warnick
Mainframe Security
p: 330-656-6774
e: swarv@allstate.com
-----Original Message-----
From: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU> On Behalf Of kekronbekron
Sent: Tuesday, April 11, 2023 10:13 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: [External] Re: RACF DB Migration Questions
Hi Sherry,
There's an old utility that may help double/triple check things - DBSYNC.
https://urldefense.com/v3/__https://github.com/IBM/IBM-Z-zOS/blob/main/zOS-RACF/Downlo \
ads/readme.md__;!!IIU9BLNPZ2ob!OT4dIbcoTBJvyyrYbpmnU2-NUdtGsLLP1cwIHU1ebSdRYpH1ZGR4t8JyOirwpmU9s1MhuLxeu2a8uh0PVV9nlWRR3m1eYxFDWw$ \
Look for the folder 'dbsync' and 'dbsync.doc.txt' here - \
https://urldefense.com/v3/__https://public.dhe.ibm.com/eserver/zseries/zos/racf/__;!!I \
IU9BLNPZ2ob!OT4dIbcoTBJvyyrYbpmnU2-NUdtGsLLP1cwIHU1ebSdRYpH1ZGR4t8JyOirwpmU9s1MhuLxeu2a8uh0PVV9nlWRR3m3J9C55og$ \
It should also be worth checking if ICHRIN03 and Class Descriptor Table (CDT) match.
IRRDBU00 offload (which won't contain sensitive info) from both places can be used to \
further analyse the differences (after heavy selection/filtering). Also, \
certificates!
Will also be worth reviewing related content from the legendary RSH - \
https://urldefense.com/v3/__https://rshconsulting.com/racfres.htm__;!!IIU9BLNPZ2ob!OT4 \
dIbcoTBJvyyrYbpmnU2-NUdtGsLLP1cwIHU1ebSdRYpH1ZGR4t8JyOirwpmU9s1MhuLxeu2a8uh0PVV9nlWRR3m1gLJN4tA$ \
- KB
------- Original Message -------
On Tuesday, April 11th, 2023 at 10:25 PM, Warnick, Sherry <swarv@ALLSTATE.COM> wrote:
> Hello Folks,
>
> I'm hoping to get any advice you may have regarding migrating/merging RACF DBs.
>
> For reference, we currently have 5 different RACF databases in place to in part \
> accommodate different physical datacenters as well as separation of \
> Sandbox/Development systems. 4 of these are regularly kept in sync/updated and are \
> working perfectly.
> The 5th database has 2 LPARs (1 Test & 1 Prod) and was handled by a separate team \
> entirely that we are bringing into one of the above 4 to keep better in sync for \
> RACF compliance, new capabilities, auditing, and other benefits. The Test LPAR will \
> be migrated 1st during a regularly scheduled IPL and will be up/running in the new \
> DB for approximately 1 month before migrating the Prod LPAR during its regularly \
> scheduled IPL. This should give us enough time to catch any ICH408I errors we \
> presume will pop up and complete thorough testing.
> We're pretty comfortable that we have done everything we can to prepare to make \
> this seamless, but as the personnel who have done this in the past have all since \
> retired, we wanted to get 1 last set of advice from our fellow RACF experts.
> Anything you can recommend that we should consider prior to this migration?
>
> Our Configuration Details
> All systems are on zOS 2.5 in a SYSPLEX environment RRSF is utilized
> to sync RACF Commands/Accounts Data sharing is currently done between
> 4/5 DBs Database alignments/plans:
>
> * Current Databases
> * GLDB
> * NBDB
> * HPDB (sandbox)
> * BRDB (dev)
> * CADB - no data sharing in effect
> * Alignments/Command propagation
> * GLDB <-- --> BRDB sync
>
> * NBDB --> HPDB sync
>
> * CADB
> * Database migration
> * CADB moving into GLDB
>
> Some Actions Already Taken
>
> * Cleanup obsolete resources/accounts on CADB
> * Move permissions from IDs to Groups to align with standards
> * Align resources defined in both GLDB/CADB (i.e. same ownership,
> UACC, Auditing, profile naming, etc.)
> * Brought CADB into alignment with existing security protocols (i.e.
> KDFAES, Password/Passphrase Support, etc.)
> * UID/GID alignment
>
> Post migration we will be updating our RRSF Parms to incorporate the 2 LPARs that \
> have been brought into the GLDB.
> Sherry Warnick
> Mainframe Security
> p: 330-656-6774
> e: swarv@allstate.commailto:swarv@allstate.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic