hidden features of vanguard securitycentertm...what is vanguard securitycenter ? •windows-gui...
TRANSCRIPT
Hidden Features of
Vanguard SecurityCenterTM
Presented by
Vanguard Professional Services
Legal Notice
Copyright
©2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved. You have
a limited license to view these materials for your organization’s internal
purposes. Any unauthorized reproduction, distribution, exhibition or use of these
copyrighted materials is expressly prohibited.
Trademarks
IBM, RACF, DB2, MVS, and z/OS are trademarks or registered trademarks of
International Business Machines Corporation in the United States, other countries,
or both. Vanguard SecurityCenter, Vanguard zSecurity University, and Vanguard
Security & Compliance are trademarks of Vanguard Integrity Professionals –
Nevada.
2
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Topics
3
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1 Getting Started and Customizing Vanguard SecurityCenter™
2 Cloning a User
3 Side-by-Side Administration
4 Helpdesk Administration
5
6 Native DB2® Administration
Finding “Best Fitting” Profile
What is Vanguard SecurityCenter™?
• Windows-GUI Based RACF® Administration Tool
– Also Administers Native DB2 Security
• Client/Server Architecture
– Client is a Windows Application
– Server is an IBM® z/OS® Started Task and an MVS™ Data
Space
• RACF Data is “Live” – no Extract File needed
– Current Data is maintained in the MVS Data Space
• Vanguard SecurityCenter™/Workstation Connects
to Vanguard SecurityCenter™/RACF via TCP/IP 4
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Starting Vanguard SecurityCenter™
• Click on Vanguard SecurityCenter™ ICON on desktop
• Select from “All Programs/Vanguard/SecurityCenter”
5
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Tip of the Day
6
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Adding Host Systems
7
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Adding a Host System
8
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Selecting a Host System
9
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Signing on to Vanguard SecurityCenter™
10
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Auto Hide the System Status Window
11
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Customize Tool Bar
12
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Select View,
Toolbars,
Customize
Select Appearance of Tool Bar
Tabbed Groups or Floating Windows
13
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Select View,
Enable Tabbed Groups
Separate Windows
14
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
The Toolbar
15
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Group
Tree
Group and User Worksheet
and Resource Explorer
Group, User, Ghost, Resource
Administration
Create New
Group, User, Resource
Help Desk Administration,
Send Commands to Host,
Scratch Pad,
Command Status
Member Cross
Reference,
DB2 Administration
Copy, Paste
Undo, Redo
Filter
Filter Toolbar
Becomes Active when Using:
• Group Worksheet
• User Worksheet
• Resource Explorer
• Connections
• Access List
• Effective Access List
• Subgroups
• Owned Groups
• Owned Users
16
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Filter Characters:
+ Represents 0 to n characters.
% Represents a single character.
* Represents 0 to 8 characters
within a qualifier.
| Finds items that meet either
condition specified.
Multiple Conditions in Filter Toolbar
17
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Adding a Field to the Worksheet
18
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Right Mouse Click on the header bar
3. Select the field(s) you want to add
2. Select Add Field(s)
New Field Added
19
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Cloning a User
Cloning a User Profile
21
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Select New User button
2. Enter the User ID
3. Click Clone User
4. Enter the Clone ID
5. Fill In the User
Name and
Password
6. Select the segments
to clone
Send to Host
22
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
7. Review Commands in Command Status Tab
8. Click Send button
Define Alias Command
23
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Option to add Define Alias
Command Generation Tab
24
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Side-by-Side Administration
Side-by-Side Administration
26
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Click the Tab
and Pull Down
Side-by-Side Administration
27
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Select groups to copy
Side-by-Side Administration
28
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Drag and drop
Help Desk Administration
Help Desk Administration
30
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Click Help Desk button
Enter User ID
Help Desk Administration
31
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Enter New Password
and Verify, Uncheck
the Revoked box
Press OK
What is a Hard Revoke?
• Purpose - Revoke a user in a way that the Help Desk cannot resume the user
• When a user is Hard Revoked, the user is revoked and a bit is set in the Userdata field of the user profile
• The Hard Revoke bit is looked at only
by the Identity Manager function and
Help Desk Administration
• Who can use Hard Revoke?
– System-SPECIAL
– User who is not System-SPECIAL must
be authorized by FACILITY class profiles
32
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Hard Revoke
33
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Click Hard Revoke
Help Desk View
34
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Help Desk View
35
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Finding “Best Fitting” Profile
Undercutting Exercise
• Buddy requests UPDATE access to
VAN.PROD.FILE
• Management approves request
• What profile protects VAN.PROD.FILE?
• Give BUDDY UPDATE access to that profile?
– What are the ramifications?
• Do I need a new profile built?
– What are the ramifications if I build a new profile?
37
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Finding the Best Fitting Profile
38
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Select View,
Data Set Protection Analysis |
Profile That Protects a Data Set
2. Enter the Full Data Set Name in the Pop Up Window
Profile Found
39
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
3. Double Click the Profile to Display
Find Data Sets Protected by Profile
40
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Right Mouse Click next to Profile Name
2. Select Data Sets Protected By
Data Set Names Displayed
41
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Clone Dataset Profile
42
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Right Mouse Click next to Profile Name
2. Select Clone
Clone Dataset Profile
43
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Enter New Dataset Profile Name
2. Click OK
Add BUDDY to Access List
44
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Upload Commands to File
45
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Specify PDS and Member Name
46
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Commands Uploaded
47
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
Native DB2 Administration
DB2 Administration
49
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Select Resource Explorer
2. Expand DB2 Subsystem
Select Object to Administer
50
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Select Object Type
2. Specify Filter
3. Double-click Object
Specify User/Group and Privilege
51
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
1. Enter Secondary Auth ID or User
2. Press Grant
Vanguard zSecurity University™
52
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.
To register for a webinar or training course: go2vanguard.com Place mouse on Training
Customer Savings: Special Discounts for software customers and Vanguard Security & Compliance™ 2013 attendees
Don’t forget that all of the Vanguard zSecurity University™ courses are eligible for CPE Credits and all course materials are provided on a tablet
computing device that the attendee keeps at the end of the class.
Questions
54
©2014 Vanguard Integrity Professionals, Inc. All Rights Reserved. You have a limited license to
view these materials for your organization’s internal purposes. Any unauthorized reproduction,
distribution, exhibition or use of these copyrighted materials is expressly prohibited.