| Oracle® Identity Manager Connector Guide for IBM RACF Release 9.0.1 Part Number B31116-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for IBM RACF Release 9.0.1 Part Number B31116-01 |
|
|
View PDF |
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for IBM RACF is used to integrate Oracle Identity Manager with IBM RACF.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.This chapter contains the following sections:
The following table lists the functions that are available with this connector.
| Functionality | Type | Description |
|---|---|---|
| Create RACF New User | Provisioning | Creates a user account |
| Delete a RACF User | Provisioning | Deletes a user account |
| Name Updated | Provisioning | Changes the name of a user account |
| Password Updated | Provisioning | Changes the password of a user account |
| Owner Updated | Provisioning | Changes the owner of a user account |
| Department Updated | Provisioning | Changes the department of a user account |
| Default Group Updated | Provisioning | Changes the default group of a user account |
| Installation data Updated | Provisioning | Changes the installation data of a user account. Installation data is one of the fields to be filled in. It can contain any installation/system/project related value. |
| Operations Updated | Provisioning | Changes the Operations attribute of a user account |
| Special Updated | Provisioning | Changes the Special attribute of a user account in RACF |
| Auditor Updated | Provisioning | Changes the Auditor attribute of a user account in RACF |
| Group Access Updated | Provisioning | Changes the Group Access attribute of a user account in RACF |
| Enables a RACF User | Provisioning | Enables the user on RACF so that the user is able to log in to the IBM Mainframe server, running RACF on z/os |
| Disables a RACF User | Provisioning | Disables a user on RACF so that the user is not able to log in to the IBM RACF server |
| Connect Group | Provisioning | Adds a user to a user's group on the IBM RACF server |
| Disconnect Group | Provisioning | Removes a user from a user's group on the IBM RACF server |
| Add TSO to a User | Provisioning | Provides TSO(Time Sharing Options) access to a user. TSO is one of the subsystems |
| Remove TSO | Provisioning | Removes TSO access from a user |
| Reconcile lookup field | Reconciliation | Reconciles the lookup fields |
| Reconcile User Data | Reconciliation | Reconciles user data |
This section describes the elements that the reconciliation module extracts from the target system to construct a reconciliation event record. In IBM RACF, the reconciliation process can be divided into the following:
Lookup Fields reconciliation involves reconciling the following lookup fields of IBM RACF:
Group
TSO Procedure
TSO Account Number
User reconciliation involves reconciling the following user attributes from IBM RACF.
| Name | Description | Data Type |
|---|---|---|
| User General Data | ||
| userid | User ID on the RACF system | String |
| owner | Owner of the user | String |
| name | Display name of the user | String |
| default group | Default group associated with the user | String |
| operations | Operations privilege | Number |
| auditor | Auditor privilege | Number |
| special | Special privilege | Number |
| grp access | Group access privilege | Number |
| department | Department name | String |
| User Group Data | ||
| Groups | Child table | Multivalued attribute |
| group name | Group name | String |
| revoke date | Revoke date associated with group | String |
| authorization | Authorization privilege | String |
| USER TSO Data | ||
| TSO | Child table | Multivalued attribute |
| account number | TSO account number | String |
| procedure | TSO procedure name | String |
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Security Applications\IBM RACF\IBM RACF Rev 1.1.1.zip
These files and directories are listed in the following table.
| File in the Installation Media Directory | Description |
|---|---|
xml\racfResAdp.xml |
This XML file contains records the following Oracle Identity Manager components:
|
lib\JavaTask\xlUtilHostAccess.jar |
This JAR file contains the class files that are required for provisioning. |
lib\ScheduleTask\xlReconRACF.jar |
This JAR file contains the class files that are required for reconciliation. |
lib\ThirdPartyI\InitialLoginSequence.txt |
This file contains the login sequence that the connector function uses to connect to the IBM RACF server. The login sequence provides both the sequence of screens that are displayed while logging in to RACF using IBM Personal Communications and the values to be provided on each screen to proceed further. This should facilitate the connector to reach the READY prompt on the mainframe target server. As TSO is panel driven, after logging in, we do require the cursor to reach a particular prompt. |
lib\ThirdParty\logoutSequence.txt |
This file contains the logout sequence that the connector function uses to disconnect from the IBM RACF server. The logout sequence provides both the sequence of screens that are displayed while logging off from RACF using IBM Personal Communications and the values to be provided on each screen. This should facilitate the connector to log off from the mainframe target server. As TSO is panel driven, after logging in, we do require the cursor to reach a particular prompt. |
xellerate_home\xellerate\ThirdParty\connectionProperties.txt
|
This file contains the connection parameters and the values of these parameters that are required to connect to the IBM RACF server. This file is used with the troubleshooting utility. |
lib\ThirdParty\CustomizedCAs.jar |
This file is used for making a secured connection to Mainframe using SSL. It is used to store a copy of SSL certificated installed on the Mainframe Server. |
lib\ThirdParty\InputFields.txt |
This file contains the connection parameters and the values of these parameters that are required to connect to the IBM Mainframe server. This file is used with the troubleshooting utility. |
RACF Scripts\DATAUNLD |
This file creates a temporary file and merges the data from SYSTMDAT and JCLSRC, which are part of the code to be deployed on the IBM RACF server, into it to submit a background job. This background job prepares a decrypted copy of the IBM RACF database and then calls the individual REXX code scripts to format the data. DATAUNLD is a member of a procedure library on the IBM RACF server. A procedure library is a Partitioned dataset containing member files. |
RACF Scripts\JCLSRC |
This file is a template JCL, which is used to submit the background job for use in reconciliation. It is a member of a procedure library on the IBM RACF server. A procedure library is a Partitioned dataset containing member files. |
RACF Scripts\DATAEXTT |
This file uses the decrypted copy of the IBM RACF database to extract user-related records required for reconciliation into temporary files. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXDPTADD |
This file uses the temporary file containing the user's department data and adds this information to the user's basic data. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXTSOADD |
This file uses the temporary file containing the user's TSO data and adds this information to the user's basic data. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXGRPADD |
This file uses the temporary file containing the user's group privilege and adds this information to the user's basic data. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXPRVADD |
This file uses the temporary file containing the user's connect privilege data and adds this information to the user's basic data. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXPRNTDT |
This file uses the temporary file containing the user's data and sends this information to a Java adapter. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\JOBSTAT |
This file determines the status of a background job used for reconciliation. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RXDIFFER |
This file provides differences between old database image and new database image.It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\RECNLKUP |
This file provides lookup fields data. It is a member of a procedure library on the IBM RACF server. |
RACF Scripts\SYSTMDAT |
This file is used to provide job configuration parameters to the mainframe system. |
troubleshooting\troubleshooting script.txt |
This file provides the description of the troubleshooting tool provided with the package. |
docs\B31116_01.pdf docs\html |
These are PDF and HTML versions of this guide, which provides instructions to deploy the connector. |
The "Step 4: Copying External Code" section provides instructions to copy these files into the required directories.
