Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
How users specify current security labels z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
TSO users can override their default security label by specifying
a value in the SECLABEL field on the logon panel or LOGON command.
Batch users can also override their default security label by specifying
the SECLABEL parameter on the JOB statement when a job is submitted
to the system.
Note: When SECLBYSYSTEM is in effect, a batch job submitted
with no security label executes with the security label of the JESINPUT
class profile, unless the JESINPUT class security label is SYSMULTI.
When a TSO user logs on using the TSO/E logon panel, and specifies a value in the SECLABEL field on the TSO/E logon panel, TSO records the value from the SECLABEL field in the TSO segment of the RACF® user profile (if the TSO segment exists). The next time the user logs on, TSO displays the value from this field in the SECLABEL field on the logon panel as a default. If the user changes the SECLABEL field while logging on, TSO modifies the SECLABEL field in the user's TSO segment with the new current security label. This new value is used as the default that is presented for the next logon. A user can also be assigned a current security label based on their
port-of-entry. For example, the security label of the port-of-entry
(in this case, a terminal) overrides a TSO user's default security
label if all of the following conditions are true:
When you are migrating from security levels and security categories
to security labels, consider setting the SECLABEL field using the
ADDUSER and ALTUSER commands as follows:
|
Copyright IBM Corporation 1990, 2014
|