Supplied resource classes for z/VM systems
Table 1 lists the supplied classes you can use on z/VM systems. These classes are primarily relevant if you share your RACF® database with a z/VM system. See restrictions at the end of the table.
| Class name | Description |
|---|---|
| DIRECTRY | Protection of shared file system (SFS) directories. |
| FACILITY | Miscellaneous uses. Profiles are
defined in this class so resource managers (typically elements of
z/OS or z/VM) can check a user's
access to the profiles when the user takes some action. Examples are
the profiles used to control execution of RACDCERT command functions
and the profiles used to control privileges in the z/OS UNIX environment. RACF does not document all of the resources used in the FACILITY class by other products. For information on the FACILITY class resources used by a specific product (other than RACF itself), see that product's documentation. |
| FIELD | Fields in RACF profiles (field-level access checking). |
| FILE | Protection of shared file system (SFS) files. |
| GLOBAL | Global access checking. 1 |
| GMBR | Member class for GLOBAL class. 3 |
| GTERMINL | Terminals whose IDs do not fit into generic profile naming conventions. 1 |
| PSFMPL | When class is active, PSF/VM performs separator and data page labeling as well as auditing. |
| PTKTDATA | PassTicket key class. |
| PTKTVAL | Used by NetView/Access Services Secured Single Signon to store information needed when generating a PassTicket. |
| RACFVARS | RACF variables. In this class, profile names, which start with & (ampersand), act as RACF variables that can be specified in profile names in other RACF general resource classes. |
| RVARSMBR | Member class for RACFVARS. 3 |
| SCDMBR | Member class for SECDATA class. 3 |
| SECDATA | Security classification of users and data (security levels and security categories). 1 |
| SECLABEL | If security labels are used and, if so, their definitions. 2 |
| SFSCMD | Controls the use of shared file system (SFS) administrator and operator commands. |
| TAPEVOL | Tape volumes. |
| TERMINAL | Terminals (TSO or z/VM). See also GTERMINL class. |
| VMBATCH | Alternate user IDs. |
| VMBR | Member class for VMEVENT class. 3 |
| VMCMD | Certain CP commands and other requests on z/VM. |
| VMDEV | Controls access to z/VM real devices. |
| VMEVENT | Auditing and controlling security-related events (called z/VM events) on z/VM systems. |
| VMLAN | Controls access to z/VM guest LANs and virtual switches. |
| VMMAC | Used in conjunction with the SECLABEL class to provide security label authorization for some z/VM events. 4 |
| VMMDISK | z/VM minidisks. |
| VMNODE | RSCS nodes. |
| VMRDR | z/VM unit record devices (virtual reader, virtual printer, and virtual punch). |
| VMSEGMT | Restricted segments, which can be named saved segments (NSS) and discontiguous saved segments (DCSS). |
| VXMBR | Member class for VMXEVENT class. 3 |
| VMXEVENT | Auditing and controlling security-related events (called z/VM events) on z/VM systems. |
| VMPOSIX | Contains profiles used by OpenExtensions for z/VM. |
| WRITER | z/VM print devices. |
Restrictions:
|
|