RACF restrictions

To ensure that security is not compromised in a multilevel-secure system:
  • Global access checking can be used to allow access to protected resources that are accessed on a regular basis by many users at an installation. Global access checking is performed before security label checking or access list checking is performed. Global access checking does not permit auditing of the access to the protected resource. Therefore, if a user is allowed access to a resource based on a global access checking table entry, security label checking and access list checking are not performed for that user and there is no audit record of the user's access to the resource.

    To avoid exposing a sensitive resource, define entries in the global access checking table for only those resources that do not require security label checking or access list checking and for which an audit record is not required. Make global entries only for resources whose profiles specify a security label of SYSLOW. In addition, the global entry should specify an access level of READ, so that attempts to update the resource will require appropriate authorization using a profile.

  • Do not create a profile in the FACILITY class protecting the resource IEC.TAPERING. If the FACILITY class is active and the profile exists, a programmer with read authorization could potentially write on a tape. For information about IEC.TAPERING, see z/OS DFSMS Using Magnetic Tapes.
  • Do not use the RACF® remote sharing facility (RRSF) in remote mode. If you use RRSF in local mode, ensure that command direction cannot be used by taking one of the following actions:
    • Ensure that the RRSFDATA class is not active.
    • Define the profile DIRECT.* in the RRSFDATA class with UACC(NONE) and no users in the access list.
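
The restrictions above can be checked mechanically once the relevant settings have been collected. The following is an added example, not IBM code: the snapshot layout, its key names, and the sample resource names and user ID are constructed assumptions and do not represent RACF command output.

```python
# Added example: audits a constructed snapshot of RACF settings against the
# restrictions listed above. The snapshot layout is hypothetical.
ACCESS_RANK = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}

def audit_mls_restrictions(snapshot):
    """Return a list of findings; an empty list means no violation was found."""
    findings = []
    labels = snapshot.get("seclabels", {})
    # Global access checking skips security label checks, access list checks
    # and auditing, so every entry must be SYSLOW and grant no more than READ.
    for entry in snapshot.get("global_entries", []):
        name, access = entry["resource"], entry["access"].upper()
        label = labels.get(name)
        if label != "SYSLOW":
            findings.append(f"GLOBAL {name}: label {label or 'missing'}, expected SYSLOW")
        if ACCESS_RANK.get(access, 99) > ACCESS_RANK["READ"]:
            findings.append(f"GLOBAL {name}: access {access} exceeds READ")
    # No FACILITY profile may protect IEC.TAPERING.
    if "IEC.TAPERING" in snapshot.get("facility_profiles", []):
        findings.append("FACILITY IEC.TAPERING: profile must not exist")
    # RRSF: remote mode is never allowed; in local mode command direction must
    # be blocked by an inactive RRSFDATA class or a locked-down DIRECT.* profile.
    rrsf = snapshot.get("rrsf", {})
    if rrsf.get("mode") == "remote":
        findings.append("RRSF: remote mode is not allowed")
    elif rrsf.get("mode") == "local" and rrsf.get("rrsfdata_active"):
        direct = rrsf.get("direct_profile")
        if not direct or direct["uacc"] != "NONE" or direct["access_list"]:
            findings.append("RRSFDATA DIRECT.*: need UACC(NONE) and an empty access list")
    return findings

# Constructed sample data with four deliberate violations.
SAMPLE = {
    "global_entries": [
        {"resource": "SYS1.HELP", "access": "READ"},
        {"resource": "PAYROLL.MASTER", "access": "UPDATE"},
    ],
    "seclabels": {"SYS1.HELP": "SYSLOW", "PAYROLL.MASTER": "SECRET"},
    "facility_profiles": ["IEC.TAPERING"],
    "rrsf": {"mode": "local", "rrsfdata_active": True,
             "direct_profile": {"uacc": "NONE", "access_list": ["OPER1"]}},
}

if __name__ == "__main__":
    for finding in audit_mls_restrictions(SAMPLE):
        print(finding)
```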