
List:       racf-l
Subject:    Re: SETROPTS MLNAMES - question
From:       Walter Farrell <wfarrell () US ! IBM ! COM>
Date:       2009-11-23 18:24:16
Message-ID: OF0BEACCD5.BB9A0CD6-ON85257677.0064F886-85257677.0065191B () us ! ibm ! com

On Monday, 11/23/2009 at 12:32 EST, Russell D
Hardgrove/Poughkeepsie/IBM@IBMUS wrote:
> Shiva, I've worked on/in a few situations using MLNAMES. See DFSORT
> APAR PK84253. I assisted the sort folks to find their defect.
>
>
> Near the very end of a SETR LIST output see
>
> .
> MULTI-LEVEL INTERPROCESS COMMUNICATIONS IS NOT IN EFFECT
> MULTI-LEVEL NAME HIDING IS NOT IN EFFECT  <<<<======
> SECURITY LABEL BY SYSTEM IS NOT IN EFFECT
> .
>
>
> Once this is ACTIVE (SETR MLNAMES to turn on, SETR NOMLNAMES to shut
> off) there will be additional calls made to RACF outside of
> class=DATASET.
>
>
> Such as, where READ access is required to the below resource
>
> STGADMIN.IFG.READVTOC.volser CLASS(FACILITY)
>
> See the section titled "3.8.3.1 The name-hiding function" in the book titled
> z/OS V1R10.0 Planning for Multilevel Security and the Common Criteria
> at URL
> http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/e0z2e150

There will also be, as John McKown mentioned, a lot more calls in the
DATASET class, too, for operations such as listing catalog entries.

--
        Walt
------------------------------
Walt Farrell, CISSP
IBM STSM, z/OS Security Design,
e-mail:  wfarrell@us.ibm.com