Setting up an initial role model creates challenges quite similar to a RACF cleanup. The first step is to define the current status quo of the required authorizations for all users. You must determine which resources each user must access regarding his or her “role(s)” in the company’s business. A complete and comprehensive assessment in this field is a prerequisite for the second step, which includes the develop- ment of a role model based on effectively required, i.e. non-excessive authorizations.

Both challenges – cleaning up RACF and setting up an initial role model – provoke a common technological desire to perform a long-term observation of all resource access requests. SF-SecuClean provides you with this efficient long-term monitoring for RACF environments. Its high performance and cost-effective technology allows you to easily 1) clean up and streamline the security configurations defined by the RACF database (e.g. streamlining access lists, lowering UACCs, removing global access authorizations, deleting profiles, etc.), and 2) perform the necessary assessment of the currently required access authorities to set up an initial role model.

SF-SecuClean’s technology extends the standard RACF environment with the required resource access monitoring without influencing RACF’s actual decisions. All resource access requests are registered in a database (DB2) that is available for online evaluation and reporting at any time. A precise knowledge base is created over time regarding which users (must) access which resources on which access levels for their daily work. The longer the observation period, the greater the informative value of this monitoring becomes. In the end, i.e. after a sufficient length of time, clarity arises regarding each user’s actually required authorizations, which then allows you to reconfigure and optimize the RACF database with minimum risk. Of course, SF-SecuClean’s unique monitoring capabilities also support daily work in your RACF administration, security monitoring, system programming and IT audit departments. Information regarding (real) occurring access requests can be obtained online at any time by following a simple procedure.

SF-SecuClean is, therefore, the ideal solution for all mainframe users across all business sectors or company sizes. It is also the “perfect match” for all pragmatic z/OS users who dismiss any “monitoring and compliance overkill” and just desire a state-of-the-art cleanup and high-performance configuration of their RACF security without investing a lot in CPU time and other costs. Check it out!