Discussion:
IZUGUTSE ?
Add Reply
Dyck, Lionel B. , TRA
2018-05-07 13:32:55 UTC
Reply
Permalink
Raw Message
I have been reading the new z/OSMF Redbook and found in section 4.5 info about IZUGUTSE (gutsy) that appears to generate XML for use with establishing z/OSMF security regardless of the ESM.

BUT I've not found any information about it in the z/OS 2.3 internet library, knowledge center, etc.

I was hoping it would simplify the establishment of granular security for the various elements of z/OSMF when using CA Top Secret.

Thanks for any suggestions.

--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer - RavenTek Solution Partners


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Lizette Koehler
2018-05-07 15:17:47 UTC
Reply
Permalink
Raw Message
But did you use Google?

When I did I came up with a few more hits including

IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/view/ibm-zos.../9780738443096/

4.4 Authorizing a user to use z/OSMF . 4.4.1 Using RACF commands to authorize a
user ID to use z/OSMF . 4.5 Creating SAF security commands with IZUGUTSE utility
. Part 3 Usage . Chapter 5. Getting help in IBM z/OS Management Facility . 5.1
Overview of help options in z/OSMF . 5.2 Page-level help . 5.3 Message help ...


Lizette
-----Original Message-----
Dyck, Lionel B. (TRA)
Sent: Monday, May 07, 2018 6:34 AM
Subject: IZUGUTSE ?
I have been reading the new z/OSMF Redbook and found in section 4.5 info
about IZUGUTSE (gutsy) that appears to generate XML for use with establishing
z/OSMF security regardless of the ESM.
BUT I've not found any information about it in the z/OS 2.3 internet library,
knowledge center, etc.
I was hoping it would simplify the establishment of granular security for the
various elements of z/OSMF when using CA Top Secret.
Thanks for any suggestions.
--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer - RavenTek Solution Partners
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Dyck, Lionel B. , TRA
2018-05-07 15:20:31 UTC
Reply
Permalink
Raw Message
Found those which reference the redbook where I learned about gutsy. :-)

Thanks - now to figure out how to use it as there is zero doc that I can find.

--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer - RavenTek Solution Partners

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler
Sent: Monday, May 07, 2018 10:19 AM
To: IBM-***@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: IZUGUTSE ?

But did you use Google?

When I did I came up with a few more hits including

IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/view/ibm-zos.../9780738443096/

4.4 Authorizing a user to use z/OSMF . 4.4.1 Using RACF commands to authorize a
user ID to use z/OSMF . 4.5 Creating SAF security commands with IZUGUTSE utility
. Part 3 Usage . Chapter 5. Getting help in IBM z/OS Management Facility . 5.1
Overview of help options in z/OSMF . 5.2 Page-level help . 5.3 Message help ...


Lizette
-----Original Message-----
Dyck, Lionel B. (TRA)
Sent: Monday, May 07, 2018 6:34 AM
Subject: IZUGUTSE ?
I have been reading the new z/OSMF Redbook and found in section 4.5 info
about IZUGUTSE (gutsy) that appears to generate XML for use with establishing
z/OSMF security regardless of the ESM.
BUT I've not found any information about it in the z/OS 2.3 internet library,
knowledge center, etc.
I was hoping it would simplify the establishment of granular security for the
various elements of z/OSMF when using CA Top Secret.
Thanks for any suggestions.
--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer - RavenTek Solution Partners
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Elardus Engelbrecht
2018-05-07 16:35:23 UTC
Reply
Permalink
Raw Message
Post by Lizette Koehler
IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/view/ibm-zos.../9780738443096/
Thanks, but Safari and that Red-hot spanner on the front page of that RedBook is blocking/burning me to read it... ;-)

Try this link to see the same bookie. (21 MB, 584 pages)

http://www.redbooks.ibm.com/abstracts/sg247851.html?Open

ISBN-13: 9780738443096
IBM Form #: SG24-7851-02

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
ITschak Mugzach
2018-05-07 17:20:00 UTC
Reply
Permalink
Raw Message
Lionel,

have you looked in sys1.samplib(*izu*)

ITschak

On Mon, May 7, 2018 at 7:36 PM, Elardus Engelbrecht <
Post by Elardus Engelbrecht
Post by Lizette Koehler
IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/view/ibm-zos.../9780738443096/
Thanks, but Safari and that Red-hot spanner on the front page of that
RedBook is blocking/burning me to read it... ;-)
Try this link to see the same bookie. (21 MB, 584 pages)
http://www.redbooks.ibm.com/abstracts/sg247851.html?Open
ISBN-13: 9780738443096
IBM Form #: SG24-7851-02
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Dyck, Lionel B. , TRA
2018-05-07 17:30:45 UTC
Reply
Permalink
Raw Message
Nothing in samplib :(

This must be a very secure tool - security by obscurity.

--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer – RavenTek Solution Partners


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of ITschak Mugzach
Sent: Monday, May 07, 2018 12:21 PM
To: IBM-***@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: IZUGUTSE ?

Lionel,

have you looked in sys1.samplib(*izu*)

ITschak

On Mon, May 7, 2018 at 7:36 PM, Elardus Engelbrecht <
Post by Elardus Engelbrecht
Post by Lizette Koehler
IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/view/ibm-zos.../9780738443096/
Thanks, but Safari and that Red-hot spanner on the front page of that
RedBook is blocking/burning me to read it... ;-)
Try this link to see the same bookie. (21 MB, 584 pages)
http://www.redbooks.ibm.com/abstracts/sg247851.html?Open
ISBN-13: 9780738443096
IBM Form #: SG24-7851-02
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
ITschak Mugzach
2018-05-07 19:12:27 UTC
Reply
Permalink
Raw Message
here is the xml: IZU.AIZUFS(IZUGUTSA) and it looks like this:

<?xml version="1.0"
encoding="UTF-8"?>
<securityrequest xmlns:saf= "http://www.ibm.com/systems/zos/saf"
xmlns:racf="htt
.<!-- Begin "Core" Setup
-->
.<!-- This commented section contains the CLASS activation commands Insure
the f
.

.<!--Activate the APPL
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001001">
..<racf:classact>APPL</racf:classact>

..<racf:raclist>APPL</racf:raclist>

..<racf:generic>APPL</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the EJBROLE
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001002">
..<racf:classact>EJBROLE</racf:classact>

..<racf:raclist>EJBROLE</racf:raclist>

..<racf:generic>EJBROLE</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the FACILITY
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001003">
..<racf:classact>FACILITY</racf:classact>

..<racf:raclist>FACILITY</racf:raclist>

..<racf:generic>FACILITY</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the SERVER
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001004">
. . . . . . . . . . . . . . . . . . . . . . . . .
. .


Best,
ITschak
Post by Dyck, Lionel B. , TRA
Nothing in samplib :(
This must be a very secure tool - security by obscurity.
--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer – RavenTek Solution Partners
-----Original Message-----
Behalf Of ITschak Mugzach
Sent: Monday, May 07, 2018 12:21 PM
Subject: [EXTERNAL] Re: IZUGUTSE ?
Lionel,
have you looked in sys1.samplib(*izu*)
ITschak
On Mon, May 7, 2018 at 7:36 PM, Elardus Engelbrecht <
Post by Elardus Engelbrecht
Post by Lizette Koehler
IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/
view/ibm-zos.../9780738443096/
Post by Elardus Engelbrecht
Thanks, but Safari and that Red-hot spanner on the front page of that
RedBook is blocking/burning me to read it... ;-)
Try this link to see the same bookie. (21 MB, 584 pages)
http://www.redbooks.ibm.com/abstracts/sg247851.html?Open
ISBN-13: 9780738443096
IBM Form #: SG24-7851-02
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Dyck, Lionel B. , TRA
2018-05-07 19:20:28 UTC
Reply
Permalink
Raw Message
But who, other than IBM, in their right mind would hand code XML? I got the impression, probably wrong, that the gutsy routine provided a more user friendly interface (at least that was my hope).

--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer – RavenTek Solution Partners


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of ITschak Mugzach
Sent: Monday, May 07, 2018 2:14 PM
To: IBM-***@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: IZUGUTSE ?

here is the xml: IZU.AIZUFS(IZUGUTSA) and it looks like this:

<?xml version="1.0"
encoding="UTF-8"?>
<securityrequest xmlns:saf= "http://www.ibm.com/systems/zos/saf"
xmlns:racf="htt
.<!-- Begin "Core" Setup
-->
.<!-- This commented section contains the CLASS activation commands Insure
the f
.

.<!--Activate the APPL
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001001">
..<racf:classact>APPL</racf:classact>

..<racf:raclist>APPL</racf:raclist>

..<racf:generic>APPL</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the EJBROLE
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001002">
..<racf:classact>EJBROLE</racf:classact>

..<racf:raclist>EJBROLE</racf:raclist>

..<racf:generic>EJBROLE</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the FACILITY
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001003">
..<racf:classact>FACILITY</racf:classact>

..<racf:raclist>FACILITY</racf:raclist>

..<racf:generic>FACILITY</racf:generic>

.</racf:systemsettings>

.

.<!--Activate the SERVER
class-->
.<racf:systemsettings operation="set"
requestid="IZU00001004">
. . . . . . . . . . . . . . . . . . . . . . . . .
. .


Best,
ITschak
Post by Dyck, Lionel B. , TRA
Nothing in samplib :(
This must be a very secure tool - security by obscurity.
--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer – RavenTek Solution Partners
-----Original Message-----
Behalf Of ITschak Mugzach
Sent: Monday, May 07, 2018 12:21 PM
Subject: [EXTERNAL] Re: IZUGUTSE ?
Lionel,
have you looked in sys1.samplib(*izu*)
ITschak
On Mon, May 7, 2018 at 7:36 PM, Elardus Engelbrecht <
Post by Elardus Engelbrecht
Post by Lizette Koehler
IBM z/OS Management Facility V2R3 [Book] - Safari Books Online
https://www.safaribooksonline.com/library/
view/ibm-zos.../9780738443096/
Post by Elardus Engelbrecht
Thanks, but Safari and that Red-hot spanner on the front page of that
RedBook is blocking/burning me to read it... ;-)
Try this link to see the same bookie. (21 MB, 584 pages)
http://www.redbooks.ibm.com/abstracts/sg247851.html?Open
ISBN-13: 9780738443096
IBM Form #: SG24-7851-02
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **| *

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
John McKown
2018-05-08 13:57:14 UTC
Reply
Permalink
Raw Message
Lots of people use XML. It is handy for translating X to Y in a platform
independent manner.
That being said, I would only use XML if forced to by
business/applications constraints.
​Yeah. I like XML because Java supports it "natively". But I think that
JSON is "better" mainly because it can do the same thing with fewer
characters. And, similar to XML/Java, JSON is native to JavaScript. I just
noticed that NodeJS is on ShopzSeries. I can't tell, but it seems to be a
cost item, unlike Java. This is unfortunate for me because the nodejs
implementations on Linux and Windows are cost-free. So, once again, IBM
makes those platforms more attractive to our bottom-line management. But
then, we don't run nodejs because "It's not a Microsoft product.". Yes, I
actually got that from a Windows person who was looking at a thin-client
desktop product, many years ago.
--
We all have skeletons in our closet.
Mine are so old, they have osteoporosis.

Maranatha! <><
John McKown

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Hiren Shah
2018-05-10 22:12:38 UTC
Reply
Permalink
Raw Message
Post by Dyck, Lionel B. , TRA
I have been reading the new z/OSMF Redbook and found in section 4.5 info about IZUGUTSE (gutsy) that appears to generate XML for use with establishing z/OSMF security regardless of the ESM.
BUT I've not found any information about it in the z/OS 2.3 internet library, knowledge center, etc.
I was hoping it would simplify the establishment of granular security for the various elements of z/OSMF when using CA Top Secret.
Thanks for any suggestions.
--------------------------------------------------------------------------
Lionel B. Dyck (Contractor) <sdg><
Mainframe Systems Programmer - RavenTek Solution Partners
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
Hi Lionel,

Today if you need to protect certain resource on z/OS, security configuration will be different based on ESM (External Security Manager) product. If you have RACF ESM product, you need to learn syntax of RDEFINE and PERMIT commands. If you have TopSecret you need to learn about TSS PERMIT command.

We have defined common security deployment descriptor to facilitate setting up security without any specific ESM product knowledge. We worked with CA technologies to build this solution. Currently RACF supports security setup with security requirement expressed in security deployment descriptor file in XML format. In future we expect TopSecret and ACF/2 to provide support for this function also.

IZUGUTSE is a utility that can be used to validate XML as well as to invoke underlying RACF commands using IRRSMO00 callable service.
Loading...