Target User Collection

IP.com Disclosure Number: IPCOM000117229D
Original Publication Date: 1996-Jan-01
Included in the Prior Art Database: 2005-Mar-31
Document File: 2 page(s) / 91K

Publishing Venue

IBM

Related People

Farrell, W: AUTHOR [+8]

Abstract

Disclosed is a method for allowing users of a computer security product to send commands and password changes to other userids or accounts. The method disclosed herein uses the IBM Resource Access Control Facility (RACF)* remote sharing facility (RRSF). The other userids can be on the same system or a different system.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      Disclosed is a method for allowing users of a computer security
product to send commands and password changes to other userids or
accounts.  The method disclosed herein uses the IBM Resource Access
Control Facility (RACF)* remote sharing facility (RRSF).  The other
userids can be on the same system or a different system.

      The central component of this function is the Target User
Collection (TUC), a data area associated with the RACF user profile
of an IBM time sharing option (TSO) userid on an RRSF node, whose
entries define associations with other userids at the same or
different RRSF nodes.  When the appropriate RACF profiles have been
defined, and a TUC has been created for a userid, that userid can
direct RACF commands to run under the authority of an associated
userid.  Optionally, password changes can be synchronized among the
associated userids.

      The RACF remote sharing facility (RRSF) allows multiple
MVS/ESA* (MVS) system images which cannot physically share the RACF
database to be defined to RACF as an RRSF network, where each of the
MVS system images is an RRSF node.  In an RRSF network, RRSF nodes
can send RACF commands and data to each other.  The target user
collection (TUC) provides the control required to allow users on an
RRSF node to send RACF commands and password changes to userids other
than the one they are logged on to, without compromising the security
of the systems.

      RACF allows two types of associations to be defined between
node.userid pairs:
  o  Peer associations allow both members of the association to direct
      RACF commands to each other.  A peer association can optionally
      allow its members to have RACF keep their passwords synchronized;
      that is, when the password for one of the members is changed,
      RACF makes the same change to the password for the other member.
      Peer associations are typically established between multiple
      userids used by the same person.
  o  Managed associations designate one member of the association to
      be the managing member, and the other one to be the managed
      member.  The managing member can direct commands to the managed
      member, but the managed member cannot direct commands to the
      managing member.  The members of a managed association...
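
      The direction rules in the two association types above can be
modelled and audited as in the following added example, which is not
part of the original disclosure and is not RACF code.  The Association
record, the function names and the sample node.userid values are
assumptions made for illustration, and password synchronization is
modelled only for peer associations, the only case the text above
describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Association:
    a: str                 # node.userid; the managing member when kind == "managed"
    b: str                 # node.userid; the managed member when kind == "managed"
    kind: str              # "peer" or "managed"
    pwsync: bool = False   # optional; modelled for peer associations only

def can_direct(assocs, src, dst):
    """True if src may direct commands to run under dst's authority."""
    for x in assocs:
        # Peer: either member may direct commands to the other.
        if x.kind == "peer" and {x.a, x.b} == {src, dst}:
            return True
        # Managed: only managing -> managed, never the reverse.
        if x.kind == "managed" and (x.a, x.b) == (src, dst):
            return True
    return False

def sync_targets(assocs, changed):
    """Userids that receive the same password change as `changed`."""
    out = set()
    for x in assocs:
        if x.kind == "peer" and x.pwsync and changed in (x.a, x.b):
            out.add(x.b if changed == x.a else x.a)
    return out

def inbound_authority(assocs, target):
    """Audit view: every userid able to run commands as `target`."""
    members = {m for x in assocs for m in (x.a, x.b)}
    return sorted(m for m in members
                  if m != target and can_direct(assocs, m, target))

# Constructed sample associations (hypothetical node.userid values).
TUC = [
    Association("NODEA.JSMITH", "NODEB.JSMITH", "peer", pwsync=True),
    Association("NODEA.JSMITH", "NODEB.TESTID", "peer"),
    Association("NODEA.ADMIN1", "NODEB.JSMITH", "managed"),
]

if __name__ == "__main__":
    for user in ("NODEB.JSMITH", "NODEA.ADMIN1"):
        print(user, "can be acted as by", inbound_authority(TUC, user))
```

      Reviewing the inbound list for each privileged userid shows
which associations extend that userid's authority to other accounts.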