Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Preventing the copying of data to a lower security label (SETROPTS MLS option) z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If you have the SPECIAL attribute, and if the SECLABEL class is active, you can prevent unauthorized users from copying data from a resource with one security label to a resource with a lower security label. This protection is also called controlling "writedown". To do this, enter:
Restrictions:
You can specify MLS(WARNING), rather than MLS(FAILURES), to allow the user request, but to send a warning message to the user and the security administrator. If you do not specify the FAILURES option with the SETROPTS MLS command, then MLS(WARNING) will be activated. Restriction: SETROPTS MLS(WARNING) does not apply to resources controlled by the SETROPTS MLFSOBJ option (z/OS UNIX files and directories) and the SETROPTS MLIPCOBJ option (interprocess communication objects). To cancel the SETROPTS MLS option, specify NOMLS on the SETROPTS command. |
Copyright IBM Corporation 1990, 2014
|