System Functions
Some system functions are protected by RACF®. The following table shows the protection available.
| Function | VMXEVENT Member | CC-Secure | CC-Secure with LSM | |||
|---|---|---|---|---|---|---|
| Audit | DAC | Audit | DAC | MAC | ||
| APPC connect | APPCCON | optional | no | optional | no | R/W |
| APPC password validation¹ | APPCPWVL | optional | mandatory | optional | mandatory | access |
| CP command issued from directory | DIRECTRY_CMD | optional | no | optional | no | no |
| IUCV connect | IUCVCON | optional | no | optional | no | R/W |
| Load/find of restricted segment | RSTDSEG | optional | mandatory | optional | mandatory | R/O or R/W |
| MDISK | MDISK | optional | optional | optional | mandatory | R/O or R/W |
| Print of spool file | UTLPRINT | optional | no | optional | no | access |
| Spool file create | SPF_CREATE | optional | no | optional | no | no |
| Spool file delete | SPF_DELETE | optional | no | optional | no | no |
| Spool file open | SPF_OPEN | optional | no | optional | no | R/O |
| System data file create | SDF_CREATE | optional | no | optional | no | no |
| System data file delete | SDF_DELETE | optional | no | optional | no | no |
| System data file open | SDF_OPEN | optional | no | optional | no | R/O |
| Virtual network sniffer state change | SNIFFER_MODE | optional | mandatory² | optional | mandatory² | no |
|
Note:
¹ User authentication is performed, including password checking, if necessary. ² Authorization to promiscuously sniff traffic on a guest LAN or virtual switch requires CONTROL access to the associated VMLAN resource. |
||||||