Public Objects
A public object is an object to which all subjects have READ-ONLY access, but to which only privileged subjects have READ/WRITE access. Because z/VM permits all subjects to have READ-ONLY access, no access control decision is necessary, and the event need not be auditable. All other operations, however, are subject to access control and audit.
To enhance performance, z/VM® makes public objects available as READ-ONLY and without audit. The system protects public objects from being created, modified, or deleted, except by users who have been given the “proper” privilege, or access, by the system administrator.
Public objects include:
- Log messages (LOGMSGs)
- Logon logos
- Objects listed in the RACF global access checking (GAC) table
- Minidisks listed in the RACF global minidisk table.
A saved segment is a group of one or more memory segments that has been previously loaded, saved, and assigned a unique name.
A log message (LOGMSG) is a message from the system administrator, or system operator, that appears on the screen every time a user logs on.
A logon logo is the “hello” screen that begins a terminal session; it contains identification information on the software product. The information on the logo screen can be changed for a particular installation; therefore, the rules on who can create, modify, or delete information apply. Logo information is similar to a log message.
Global access checking (GAC) is the first test performed by RACF to determine whether a subject should have access to an object and, if so, what kind of access. GAC checks a table that lists a group of objects and the kind of access that any subject in the system can gain to each of them. If the object appears in the GAC table, the subject immediately receives the kind of access listed. For additional information on GAC, see “Objects in GAC Table and Global Minidisk Table Bypass DAC”. To define an object to the GAC table, see z/VM: RACF Security Server Security Administrator's Guide.
- Allowed READ access by all users of the system
- Used by the majority of users on the system
- Contains no sensitive data.
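The following added example (a simplified model, not RACF or IBM code) shows the GAC-first decision order described above and a review check that flags GAC entries granting more than READ, which would not fit the definition of a public object. The table contents, user IDs, the `PROFILE_ACCESS` stand-in for ordinary profile checking, and the fall-through when a GAC entry does not cover the request are assumptions made for illustration.

```python
from dataclasses import dataclass

# RACF access levels, weakest to strongest.
LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Constructed sample GAC table: object -> access any subject receives.
GAC_TABLE = {
    "MAINT.190": "READ",
    "MAINT.19E": "READ",
    "TOOLS.291": "UPDATE",  # constructed misconfiguration for the review check
}

# Constructed stand-in for ordinary profile checking (hypothetical data).
PROFILE_ACCESS = {
    ("SYSADMIN", "MAINT.190"): "ALTER",
    ("ALICE", "PAYROLL.191"): "READ",
}


@dataclass
class Decision:
    granted: bool
    decided_by: str  # "GAC" or "PROFILE"
    audited: bool    # GAC grants leave no audit record


def check_access(subject: str, obj: str, requested: str) -> Decision:
    """Consult the GAC table first; a covering entry grants at once, unaudited."""
    want = LEVELS.index(requested)
    listed = GAC_TABLE.get(obj)
    if listed is not None and LEVELS.index(listed) >= want:
        return Decision(True, "GAC", audited=False)
    # Assumption: a request the GAC entry does not cover falls through
    # to normal access control, which is audited.
    have = PROFILE_ACCESS.get((subject, obj), "NONE")
    return Decision(LEVELS.index(have) >= want, "PROFILE", audited=True)


def find_nonpublic_entries(table: dict) -> list:
    """Return GAC entries that give every subject more than READ."""
    read = LEVELS.index("READ")
    return sorted((o, a) for o, a in table.items() if LEVELS.index(a) > read)


if __name__ == "__main__":
    print(check_access("BOB", "MAINT.190", "READ"))
    print(check_access("BOB", "MAINT.190", "UPDATE"))
    print(find_nonpublic_entries(GAC_TABLE))
```

Because a GAC grant is unaudited, any entry reported by `find_nonpublic_entries` represents write access that every subject holds with no audit trail.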