z/OS Security Server RACF Callable Services


RACF authorization

SA23-2293-00

  1. For request types 2, 3, and 4, IRRSKO00 checks whether the caller has superuser authority or is the owner of the target process, and returns a return and reason code indicating the result. For request type 5, if the SECLABEL class is active, IRRSKO00 also checks if the caller's security label is equivalent to the security label of the target process, unless the ACEE indicates trusted or privileged authority.
  2. The caller is an owner of a process if either the real or effective z/OS UNIX user identifier (UID) of the calling process is equal to either the real or saved UID passed in the Target_process_UIDs parameter area.
  3. If the caller is neither a superuser nor the process owner, and the request type is listed in Table 1, an authorization check is performed on the corresponding resource name in the UNIXPRIV class. If the authorization check is successful, the caller is treated as a superuser.

Table 1. UNIXPRIV class resource names used in ck_process_owner

Request type   Resource name                Access required
2, 5           SUPERUSER.PROCESS.KILL       READ
3              SUPERUSER.PROCESS.GETPSENT   READ
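
The decision steps in items 1 to 3 and Table 1, modeled as an added example for reviewing who ends up authorized through UNIXPRIV; this is not IBM code and does not call IRRSKO00. Assumptions: the struct and function names are hypothetical, superuser authority is modeled as effective UID 0, request type 5 goes through the same owner/superuser check before the label check, and security label equivalence is modeled as string equality.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical model types; none of these names come from RACF. */
typedef struct {
    unsigned real_uid, eff_uid;
    bool trusted_or_privileged;         /* ACEE indicates trusted or privileged */
    const char *seclabel;
    const char *const *unixpriv_read;   /* resources with READ, NULL-terminated */
} caller_t;

typedef struct { unsigned real_uid, saved_uid; const char *seclabel; } target_t;

/* Table 1: resource checked when the caller is neither superuser nor owner. */
static const char *unixpriv_resource(int request_type) {
    switch (request_type) {
    case 2: case 5: return "SUPERUSER.PROCESS.KILL";
    case 3:         return "SUPERUSER.PROCESS.GETPSENT";
    default:        return NULL;        /* not in Table 1: no UNIXPRIV fallback */
    }
}

static bool has_read(const caller_t *c, const char *res) {
    for (const char *const *p = c->unixpriv_read; p && *p; p++)
        if (strcmp(*p, res) == 0) return true;
    return false;
}

/* Item 2: caller's real or effective UID equals target's real or saved UID. */
static bool is_owner(const caller_t *c, const target_t *t) {
    return c->real_uid == t->real_uid || c->real_uid == t->saved_uid ||
           c->eff_uid  == t->real_uid || c->eff_uid  == t->saved_uid;
}

bool ck_process_owner_model(const caller_t *c, const target_t *t,
                            int request_type, bool seclabel_active) {
    /* Assumption: superuser authority is effective UID 0. */
    bool ok = c->eff_uid == 0 || is_owner(c, t);
    const char *res = unixpriv_resource(request_type);
    if (!ok && res != NULL)
        ok = has_read(c, res);          /* item 3: treated as a superuser */
    /* Item 1, type 5: label check unless trusted or privileged.
       Assumption: equivalence is modeled as string equality. */
    if (ok && request_type == 5 && seclabel_active && !c->trusted_or_privileged)
        ok = strcmp(c->seclabel, t->seclabel) == 0;
    return ok;
}
```

A READ permit to SUPERUSER.PROCESS.KILL makes request types 2 and 5 succeed against processes the caller does not own, so the access list of that profile belongs in the same review as the list of UID 0 users.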





Copyright IBM Corporation 1990, 2014