Kentucky-Ohio-Indiana RACF Users Group


General Information:

KOIRUG was created in 2003 to serve the professional education needs of the RACF community in Kentucky, Ohio, and Indiana. We typically hold full-day meetings twice a year. KOIRUG usually meets in the Cincinnati area.


Points of Contact:

Barb Rhoads, Cincinnati Financial

Aaron Humphries, American Modern Insurance Group

Deborah Pearson, Navient

Bob Hansel, RSH Consulting, Inc.


Upcoming Meeting:


Tuesday, May 2, 2017   ** Sponsored by Key Resources **


Location: Cincinnati Financial Corporation

6200 S. Gilmore Rd., Fairfield, Ohio 45014


Time: 9 a.m. - 3:30 p.m.          (Registration begins at 8:30 a.m.)


Cost: ** Free **




     Bruce Wells, IBM

Closing the Integrity Gap for the Mainframe

     Ray Overby, Key Resources


     Julie Bergh, IBM


     Robert S. Hansel, RSH Consulting





Program control is often perceived as one of the more complex and arcane functional areas of RACF. While the controls are a bit different than standard RACF profile processing, in many ways, they are directly analogous to what you already know. Where they are not (for example, the need to keep certain environments "clean"), the concepts behind them are, in fact, relatively straightforward. We hope that with a solid understanding of the underlying security issues, the day-to-day administration and maintenance of your environment will become more intuitive.


Closing the Integrity Gap for the Mainframe

You can spend hundreds of thousands of dollars securing the applications that serve up the data, but it won’t do you any good if you don’t maintain the integrity of the operating system. Vendors and research analysts will tell you that your number one priority is to secure your applications. There is even a “practical handbook for selecting application security tools and vendors”. Has anyone told you that all it takes is one zero day vulnerability in the z/OS operating system layer to bypass everything you have done and are doing to secure your data? Learn what a Severe Security Code Vulnerability is and why these can compromise your system. See a demo’s of several exploits from recent audits.


z/OSMF provides a web-based interface that allows you to manage various aspects of your z/OS systems through a browser at any time, from any location. One asks, ok, what does that have to do with security. Well, using z/OSMF requires sufficient authority in z/OS. Specifically, on the z/OS system to be managed, the resources to be accessed on behalf of z/OSMF users (data sets, operator commands, and so on) are secured through RACF. This session will describe user experiences on setting up z/OSMF with a focus on the security requirements.



Permission to certain UNIXPRIV class profiles can provide users with the ability to perform specific Superuser functions without requiring full Superuser authority. Other UNIXPRIV profiles influence RACF's decision as whether a user is allowed to access a file or directory. This presentation will introduce you to all the UNIXPRIV profiles and discuss how to make best use of them.



Bruce Wells, IBM

Bruce Wells is a senior software engineer for the RACF design and development group in Poughkeepsie, New York. He has extensive experience in both the z/OS and z/VM versions of the product, and has worked on various projects spanning other security components such as LDAP, ICSF, and System SSL. Bruce has been working in the RACF area for the past 25 years.


Ray Overby, Key Resources


Julie Bergh, IBM

Julie is IBM’s Lead World Wide z Systems Security Champion, has worked for IBM for the past 15 years and has many more years prior to that in the private sector. Julie is a certified IT specialist and has a Master’s Degree in Information Systems management. Prior to joining IBM, Julie worked at a variety of large companies (e. g., GMAC, MasterCard) where her roles ranged from programming and system programming to IT Internal Auditing and IT Management. In recent years, Julie’s efforts have been related to z System Security Migrations and Security Product Technical Sales, and as a result has broad experience engaging all levels of the customer organization from the C-Suite, to Security Management and to front line Security Analysts. Julie has experience in both customer and provider aspects of IBM’s z Systems Security, and possesses deep skills in z/OS, RACF, ACF2 and Top Secret administration.


Robert S. Hansel, RSH Consulting

Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc., a firm he established in 1992 and dedicated to helping clients strengthen their IBM z/OS mainframe access controls by fully exploiting all the capabilities and latest innovations in RACF. He has worked with IBM mainframes since 1976 and in information systems security since 1981. Mr. Hansel began working with RACF in 1986 and has been a RACF administrator, manager, auditor, instructor, developer, and consultant. He has reviewed, implemented, and enhanced RACF controls for major insurance firms, financial institutions, utilities, payment card processors, universities, hospitals, and international retailers. Mr. Hansel is especially skilled at redesigning and refining large-scale implementations of RACF using role-based access control concepts. He has also created elaborate automated tools to assist clients with RACF administration, database merging, identity management, and quality assurance.



Contact Barb Rhoads

 - Phone: 513-870-2000 x4457

 - Email: Barb_Rhoads@cinfin.com


Advanced Registration is requested to ensure sufficient refreshments and handouts are available.



Cincinnati Financial is located on S. Gilmore a short distance north of the I-275 Cincinnati Beltway at Exit 39. Look for Forrest Park Exit North (Cincinnati Mills mall (Bass Pro Shop)). Cincinnati Financial is approximately one block north of the shopping mall on the right.


See www.mapquest.com for more information to get to the Cincinnati Financial. (This link takes you right to the site map.)


Park in the Visitor's parking in the front of the building. If no visitor spots are available, you may use the parking in the rear of the building.


See the receptionist in the main lobby upon entry to the building to sign in. If you enter at either of the rear entrances, you will be escorted to the main lobby. From the main lobby, you will be escorted to the meeting location.


For questions related to the meeting location, contact Barb Rhoads

 - Phone: 513-870-2000 x4457

 - Email: Barb_Rhoads@cinfin.com




Hotels in the immediate vicinity of Cincinnati Financial:

Hampton Inn - 513-942-3440

Comfort Suites - 513-825-9035

SpringHill Suites Cincinnati North Forest Park - 513-551-5028



Past Meetings Agendas:

Dates, sponsors, topics, and speakers from our past meetings.


RACF is a trademark of International Business Machines Corporation.

Webpage provided courtesy of RSH Consulting, Inc.