Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Activating the security classification of users and data z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If you have the SPECIAL attribute, you
can activate security classification of users and data by specifying
CLASSACT(SECDATA) or CLASSACT(SECLABEL) on the SETROPTS command, as
shown in the following examples:
Security classification of users and data allows an installation to impose additional access controls on resources by defining security levels, security categories, and security labels for both users and resources. Note: You can create profiles in the SECDATA and SECLABEL classes,
and specify security classifications in resource and user profiles,
without actually activating the SECDATA and SECLABEL classes. When
authorization checking occurs, the security classifications are ignored
by RACF®. This allows you to
"label" the profiles without enforcing the security classifications.
If you have the SPECIAL attribute, you can also deactivate security classification of users and data by specifying NOCLASSACT(SECDATA) or NOCLASSACT(SECLABEL), as appropriate, on the SETROPTS command. NOCLASSACT(SECDATA) and NOCLASSACT(SECLABEL) are in effect when a RACF database is first initialized using IRRMIN00. |
Copyright IBM Corporation 1990, 2014
|