Using security labels in ACS routines

You can use an automatic class selection (ACS) routine read-only security label variable, &SECLABL, as input to the ACS routine. The value of the security label (&SECLABL) is defined for specific users or data sets.

The security label is a name used to represent the association between a particular security level and a set of security categories. It indicates the minimum level of security required to access a data set protected by this profile. You can set the security label by entering it in the RACF® profile of the data set.

Before you begin: To understand the concepts of security labels, read z/OS Planning for Multilevel Security and the Common Criteria.

The following table lists the types of tasks and associated procedures that you must complete to fully use this enhancement.

Tasks	Procedure that you must perform:
Planning and installing	Planning to use security labels in ACS routines Installing security labels in ACS routines
Administering	Creating a security label in the RACF data set or user's profile Using JCL or dynamic allocation to extract the security label from the RACF user's profile Specifying the &SECLABL read-only variable in the ACS routine