RACF

RACF® is a component of the z/OS® Security Server. RACF, as the z/OS security manager, is responsible for making all access control decisions in z/OS. You can install another security product, but this book does not address the use of a security manager other than RACF, and IBM® cannot make any statement about whether a system with another security product would support multilevel security. This book assumes that you have installed RACF and have it working on your system.

Where to find more information

RACF provides the following support for multilevel security:

RACF authorizes access to protected resources based on the clearance of the user and the classification of the resource.
RACF authorizes access to protected resources so that users cannot declassify information.
RACF determines which data sets, files, and directories the user is authorized to see the names of when the name-hiding function is in effect.
RACF restricts certain security-oriented functions to a security administrator.
RACF provides the capability to audit all security-relevant events.
RACF provides the capability to audit the list of data sets affected by a change in the security label of a particular data set profile.
RACF allows users to query whether they have the write-down privilege, and activate and deactivate write-down mode if they do.