Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Logging on with a security label other than your default security label z/OS Security Server RACF General User's Guide SA23-2298-00 |
|
Your installation can define its own security classifications. These classifications are security levels, security categories, and security labels. A security level is a name for a numeric security classification indicator. For example, a security level could be SECRET. A security category is a name corresponding to a department or area within an organization with similar security requirements. For example, an employee in the payroll department can be in the security category PAYROLL. A security label is used to represent the association between a particular security level and a set of zero or more security categories. For example, the security categories PAYROLL and PERSONNEL can both be associated with the security level SECRET by the security label PPSECR. If your installation uses security classifications, RACF® stores the security classifications for each user and each data set in user and data set profiles. When you request access to a data set, RACF checks your user profile and the data set profile to see if your security label is equal to or greater than the security label of the data set. RACF denies you access if you do not have the appropriate level. Your security administrator defines a default security label for you. However you might be able to log on with a different security label if you have been authorized. This alternate security label allows you access to resources that have the same security label. Note: If you want to log on with a security label, your installation
must have the security label class (SECLABEL) active. Check with your
security administrator.
|
Copyright IBM Corporation 1990, 2014
|