Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Understanding security levels and security categories z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
When RACF® is first installed, security classification of users and data is inactive. To use security levels and categories, activate the SECDATA class (but not the SECLABEL class). You can choose to use one or both parts of security classification processing. To use security level checking, you must define a profile in the SECDATA general resource class with the name SECLEVEL. To use security category checking, you must define a profile in the SECDATA general resource class with the name CATEGORY. The installation names for security categories and security levels are then defined as members of these profiles (in a manner similar to the global access table entries). You maintain the member entries by using the ADDMEM operand on the RDEFINE command and the ADDMEM and DELMEM operands on the RALTER command. In the CATEGORY profile, the member entries are the names of the security categories. In the SECLEVEL profile, each member entry consists of a security level name followed by its associated security level number. Note: You cannot define a SECLEVEL for a SECLEVEL profile in the SECDATA
class. As a result, RACF does
not perform security level checking when determining a user's authority
to access a SECLEVEL profile. Also, if you issue the RLIST SECDATA
SECLEVEL command to display a SECLEVEL profile, RACF does not display values in the SECLEVEL
or CATEGORY fields of the profile.
|
Copyright IBM Corporation 1990, 2014
|