This NMI can be used to obtain packet and data trace data. For
more information about this NMI, see the topic Real-time
application-controlled TCP/IP trace NMI (EZBRCIFR) in z/OS Communications Server: IP Programmer's Guide
and Reference.
In a multilevel secure environment, define the security labels
for the NMI RACF® resource profiles
and for the user IDs of the NMI applications as follows:
- RCCOpen request resource
- Define the EZB.TRCCTL.sysname.tcpname.OPEN
resource profile with a security label of SYSNONE.
- RCCSetFilters request packet and data trace resources
- The packet and data trace data provided by the NMI are considered
sensitive information that must be secured. The following resource
profiles are associated with this data:
- EZB.TRCCTL.sysname.tcpname.PKTTRACE
- EZB.TRCCTL.sysname.tcpname.DATTRACE
- EZB.TRCSEC.sysname.tcpname.IPSEC
- EZB.TRCSEC.sysname.tcpname.ATTLS
Set the security label associated with these resource profiles
to be the same as the security label of the user ID associated with
the TCP/IP stack.
- User ID of applications
- For those applications that request packet or data trace data,
the security label associated with the user IDs for the applications
can be SYSHIGH (or installation equivalent) if the security label
associated with the TCP/IP stack is SYSMULTI or SYSHIGH. However,
if the security label associated with the TCP/IP stack is not SYSMULTI
or SYSHIGH, the security label associated with the user IDs must be
SYSMULTI.