z/OS DFSMSrmm Implementation and Customization Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Defining security classes: SECCLS

z/OS DFSMSrmm Implementation and Customization Guide
SC23-6874-00

Use the SECCLS command to define security classes for data sets and volumes. These security classes appear in reports and in output for the RMM TSO subcommands. DFSMSrmm records these security classes in the DFSMSrmm control data set only; it does not make RACF aware of them. There is no connection between these definitions and any similar definitions or function provided in RACF, but you can use similar values for overall consistency.

DFSMSrmm determines the security classification of a tape volume with multiple data sets by the highest classification found for a single data set.

Data sets that do not match any of the masks specified in SECCLS definitions are assigned no security classification. DFSMSrmm uses a number 0 to indicate no security classification. Whenever you create a tape data set, DFSMSrmm uses the SECCLS masks to classify data sets and volumes. Figure 1 shows an example of the SECCLS command and the operands you can code in the parmlib member EDGRMMxx.

If you remove a security class that is assigned to a volume, DFSMSrmm issues an error message when a data set on the volume is opened. DFSMSrmm also treats the volume as having the lowest defined security level. The default security class is defined by a mask of '**'.

Figure 1. Parmlib member EDGRMMxx SECCLS command examples
  SECCLS  NUMBER(01)                                           -
          NAME(UNCLASS)                                        -
          DESCRIPTION('UNCLASSIFIED')                          -
          MASK('**')                                           -
          SMF(N)                                               -
          MESSAGE(N)                                           -
          ERASE(N)
  SECCLS  NUMBER(02)                                           -
          NAME(U)                                              -
          DESCRIPTION('UNCLASS')                               -
          MASK('STSGAM.**')                                    -
          SMF(N)                                               -
          MESSAGE(N)                                           -
          ERASE(N)
  SECCLS  NUMBER(10)                                           -
          NAME(IUO)                                            -
          DESCRIPTION('INTERNAL USE ONLY')                     -
          SMF(N)                                               -
          MESSAGE(N)                                           -
          ERASE(N)                                             -
          MASK('SYS1.IUO.**')
  SECCLS  NUMBER(30)                                           -
          NAME(CC)                                             -
          DESCRIPTION('CONFIDENTIAL')                          -
          MASK('PAYROLL.**')                                   -
          SMF(Y)                                               -
          MESSAGE(N)                                           -
          ERASE(Y)
  SECCLS  NUMBER(100)                                          -
          NAME(IC)                                             -
          DESCRIPTION('CONFIDENTIAL')                          -
          MASK(+
	        '**.IC.**',+
          '**.VERTR.**',+
          '**.CONFI.**'+
               )                                               -
          SMF(Y)                                               -
          MESSAGE(N)                                           -
          ERASE(Y)
Parent topic: Using the parmlib member EDGRMMxx

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014