M Features of the Mainframe Agents
This appendix contains the following topics:
M.1 Functions Supported by the Pioneer Provisioning Agent
The Pioneer Provisioning Agent supports the following functions:
Standard IBM RACF user profile commands:
- [ADDUSER]: Creates a IBM RACF user profile
- [ALTUSER]: Modifies a IBM RACF user profile
- [DELUSER]: Deletes a IBM RACF user profile
- [PASSWORD]: Modifies password data for IBM RACF user profile
Standard IBM RACF group profile commands:
- [ADDGRP]: Creates a IBM RACF group profile
- [ALTGRP]: Modifies a IBMRACF group profile
- [DELGRP]: Deletes a IBM RACF group profile
- [CONNET]: Adds an IBM RACF user to a group. This command works based on the variables that set access rights.
- [REMOVE]: Removes an IBM RACF user from a group.
Standard IBM RACF data set and resource profile commands:
- [PERMIT]: Provides data set or resource profile access to a user
- [SETROPTS]: Refresh access to resource
Standard IBM RACF searching:
- SEARCH CLASS(USER)
- SEARCH CLASS(GROUP)
- SEARCH CLASS(DATASET)
- [RLIST]: Retrieve Resource information
Standard IBM RACF alias commands:
- [DEFINE ALIAS]: Defines user to catalog
- [DELETE ALIAS]: Removes user from catalog
- [LISTC ENTRIES]: List Master Catalogs By User
- [LISTC LEVEL]: List Datasets By User
Proprietary IdentityForge IBM RACF Authentication and Change Password Commands:
- CHKUSER
- CHKUSERPWD
Table M-1 lists the functions supported by the Provisioning Agent - Pioneer.
Table M-1 Functions Supported by the Provisioning Agent - Pioneer
| Function | Description |
|---|---|
| Authenticate Users | Validates users LoginId and Password. |
| Create Users | Adds new users IBM RACF. |
| Modify Users | Modifies user information in IBM RACF. |
| Change Passwords | Changes user passwords on IBM RACF in response selfservice change password. |
| Reset Passwords | Resets user passwords IBM RACF. The passwords are reset by the administrator. |
| Change Passphrase | Changes user passphrase on IBM RACF in response self-service change passphrase. |
| Reset passphrase | Resets user passphrase on IBM RACF. The passphrase are reset by the administrator. |
| Disable User Accounts | Disables users in IBM RACF. |
| Enable User Accounts | Enables users in IBM RACF. |
| Delete Users | Removes users from IBM RACF. |
| Create Groups | Adds new groups to IBM RACF. |
| Modify Groups | Modifies group information in IBM RACF. |
| Delete Groups | Removes groups from IBM RACF. |
| Search All Users | Retrieves all users with current data from IBM RACF. |
| Search All Groups | Retrieves all groups with current data from IBM RACF. |
| Search All Datasets | Retrieves all datasets with current data from IBM RACF. |
| Search All Dataset Profiles by User | Retrieves all dataset profiles for a given RACF,LOGIN ID. |
| Search Resource | Retrieve RACF resource with current data. |
| Grant Users Access to Datasets and General Resources | Adding/Removing the user to an IBM RACF dataset or resources. |
| Grant Users Access to Privileges (TSO, SPECIAL) | Provides TSO login access to users or other Privileges. |
| Grant User TSO attributes | Provides TSO information. |
| Grant User NETVIEW attributes | Provides NETVIEW information. |
| Grant User CICS attributes | Provides CICS information. |
| Grant User CSDATA attributes | Provides CSDATA user-defined information. |
| Grant User OMVS attributes | Provides OMVS information. |
| Grant Users Access to Groups | Adding the user to an IBM RACF group. |
M.2 Functions Supported by the Voyager Reconciliation Agent
The Voyager Reconciliation Agent supports reconciliation of changes that are made to user profiles by using commands such as ADDUSER or ALTUSER. These commands also contain users' passwords for reconciliation, if any.
The Voyager Reconciliation Agent supports the following functions:
- Change passwords
- Create user data
- Modify user data
- Password Interval changes
- Disable users
- Delete users
- Enable users
- Group Membership Changes
- Create group data
- Modify group data
- Delete groups
- Audit information