z/OS DFSMSdfp Storage Administration


Creating a security label in the RACF data set or user's profile

SC23-6860-01

Before you begin: To understand security labels, read z/OS Security Server RACF Security Administrator's Guide. For information about RACF® commands, see z/OS Security Server RACF Command Language Reference.

Perform the following steps to create a security label:

  1. Define the SECLEVEL profile to the SECDATA class using the RACF RDEFINE command.

    Example: RDEFINE SECDATA SECLEVEL UACC(NONE)

    _______________________________________________________________

  2. Define security levels as members of the SECLEVEL profile in the SECDATA class.
    Example:
    RALTER SECDATA SECLEVEL ADDMEM(seclevel-name/seclevel-number ...)

    _______________________________________________________________

  3. Define the CATEGORY profile to the SECDATA class using the RDEFINE command.

    Example: RDEFINE SECDATA CATEGORY UACC(NONE)

    _______________________________________________________________

  4. Define categories as members of the CATEGORY profile in the SECDATA class.
    Example:
    RALTER SECDATA CATEGORY ADDMEM(category-1 category-2 ...)

    _______________________________________________________________

  5. For each security label, define a profile in the SECLABEL class.
    Example:
    RDEFINE SECLABEL security-label SECLEVEL(seclevel-name) ADDCATEGORY(category-1 category-2 ...)

    _______________________________________________________________

  6. Provide READ access authority to each user of the security label. In this example, EAGLE is the name of the security label.
    Example:
    PERMIT EAGLE CLASS(SECLABEL) ACCESS(READ) ID(AHLEE GROUP1)

    _______________________________________________________________

  7. When you are ready to start using security labels, activate the SECLABEL class and activate SETROPTS RACLIST processing for the class.

    Example: SETROPTS CLASSACT(SECLABEL) RACLIST(SECLABEL)

    _______________________________________________________________

Now you are ready to assign the security label to the &SECLABL read-only variable to use in the storage group ACS routine.
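
The seven steps above as one checked sequence, in an added Python example that is not part of the IBM documentation: it rejects a label that references a security level or category that steps 2 and 4 never define, then emits the RACF commands in step order. CONFID, SECRET, PROJA and PROJB are constructed names, and the 1-254 level range and 8-character label limit are assumptions taken from general RACF rules, not from this page.

```python
# Added example: constructed names and assumed limits, not from the IBM page.
def build_seclabel_commands(seclevels, categories, labels, grants):
    """Return the RACF commands for steps 1-7, in dependency order.

    seclevels: {name: number}            categories: [name, ...]
    labels:    {label: (seclevel_name, [category, ...])}
    grants:    {label: [user_or_group, ...]}
    """
    if not seclevels:
        raise ValueError("at least one security level is required")
    for name, num in seclevels.items():
        # Assumption: RACF accepts security level numbers 1-254.
        if not 1 <= num <= 254:
            raise ValueError(f"seclevel {name}: number {num} outside 1-254")
    for label, (level, cats) in labels.items():
        # Assumption: SECLABEL profile names are 1-8 characters.
        if not 1 <= len(label) <= 8:
            raise ValueError(f"label {label}: name must be 1-8 characters")
        if level not in seclevels:
            raise ValueError(f"label {label}: seclevel {level} not in step 2")
        missing = [c for c in cats if c not in categories]
        if missing:
            raise ValueError(f"label {label}: {missing} not in step 4")
    for label in grants:
        if label not in labels:
            raise ValueError(f"grant names undefined label {label}")

    members = " ".join(f"{n}/{v}" for n, v in seclevels.items())
    cmds = [
        "RDEFINE SECDATA SECLEVEL UACC(NONE)",
        f"RALTER SECDATA SECLEVEL ADDMEM({members})",
        "RDEFINE SECDATA CATEGORY UACC(NONE)",
    ]
    if categories:
        cmds.append(f"RALTER SECDATA CATEGORY ADDMEM({' '.join(categories)})")
    for label, (level, cats) in labels.items():
        cmd = f"RDEFINE SECLABEL {label} SECLEVEL({level})"
        if cats:
            cmd += f" ADDCATEGORY({' '.join(cats)})"
        cmds.append(cmd)
    for label, ids in grants.items():
        cmds.append(f"PERMIT {label} CLASS(SECLABEL) ACCESS(READ) ID({' '.join(ids)})")
    # Activation goes last, as in step 7, once labels and access lists exist.
    cmds.append("SETROPTS CLASSACT(SECLABEL) RACLIST(SECLABEL)")
    return cmds

if __name__ == "__main__":
    print("\n".join(build_seclabel_commands(
        {"CONFID": 50, "SECRET": 100}, ["PROJA", "PROJB"],
        {"EAGLE": ("SECRET", ["PROJA", "PROJB"])}, {"EAGLE": ["AHLEE", "GROUP1"]})))
```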





Copyright IBM Corporation 1990, 2014