Security database Analysis
The ETF/R Security Database Analysis Facility provides the ability to analyze ownership and entitlements of RACF user,
group, dataset and resource profiles, including detection of profile errors.
Using any part of the RACF database as a starting point, the user may examine the associations to other profiles.
The user may follow the trail of who has access to what, or who has ownership of what, or any combination.
Problem Ticket Number
A problem ticket number field has been added to the firecall activation panels.
The problem ticket number is included in all SMF records generated by ETF/R.
A user exit is provided to enable validation of the problem ticket number and/or nature of emergency text server.
ETF/R will send an email to administrator defined email addresses when a user activates a firecall privilege.
Global and user specific notification lists may be managed to control who receives the emails.
Email lists may be specified to allow distribution to be managed through the email server.
Firecall Group Differentiation
Firecall group entries can now be differentiated by type for DB2, RACF connect, or all uses.
Firecall groups can also be identified for use only on specific systems through the use of a system id mask.
System id mask matches to the SMF system id for RACF connect groups or the DB2 subsystem id for DB2 secondary auth ids.
OMVS surrogate (su -s) and OMVS superuser (su) is now supported under the ETF/R firecall Surrogate and Superuser privileges.
A new batch interface allows firecall to be activated within a job for the duration of that job.
All firecall modes are supported by the batch interface.
Firecall Available across Sysplex environments
Firecall privileges activated on one system are available on any system that shares the RACF database
or is linked using the RRSF facility of RACF.
Firecall List of Groups
A Firecall user may be assigned to multiple groups that will be activated when Firecall group access is activated.
The RACF LISTUSER command displays all Firecall groups associated with a user.
Firecall Group Special / Operator / Audit
The group special, group operator, and group audit attributes may be assigned to the Firecall groups.
These can include groups the user is already connected to without these privileges.
Controls Access in Emergency Situations
The ETF/R Firecall Facility controls access to sensitive data in emergency situations.
Special privileges such as "Universal ALL Access", "Universal Read Access",
and resource access using special Firecall Group can be pre-approved for certain userids.
Pre-defines Access Rights
Security administrators set up the pre-defined access rights for particular users.
This access is setup based on a special privilege, or can be created using a Firecall group.
This alternate Group profile contains access definitions for the additional access needed.
When an individual requests to use this feature, the user is connected to the group profile
which determines what additional capabilities will be granted.
Permits Selective Definition of Firecall Capabilities
The security administrator determines specifically what capabilities a user may select.
Special resource profiles define which users may use the Firecall Facility.
These definitions provide the most granular security needed,
enabling the administrator to carefully control use of this special "high access" facility.
User Invoked Privileges As Necessary
Whenever your users need this special access,
they simply turn on the privilege which connects them to the appropriate group.
Full-screen ISPF panels are available for their use.
When requesting this access, a justification must first be entered,
as well as a re-verification of the user's password.
Journals All Access to SMF
All activity to invoke the Firecall Facility and special access gained as a result of the Facility is journaled to SMF.
This information can then be reported using the ETF/R report programs.
Displays Firecall Information and Activity
ETF/R provides full-screen displays of all Firecall information on what has been created
and selected for individual users.
In addition, activity on the system, such as who has activated Firecall and why is available
using Option A from the Firecall Facility Main Menu.
Provides Sample Report Programs
Two reports are provided with ETF/R:
The first identifies instances when the special privileges are invoked by the user,
and which type of access was requested.
The second reports on access granted as a result of the special privileges.