Elevate - Increase privilege level

Key Characteristics

• • ESM Controlled: Authorization for privilege elevation is primarily managed by an External Security Manager (ESM) such as RACF, ACF2, or Top Secret, which defines and enforces access rules.
  • Program vs. User Authorization: Elevation can apply to a user (e.g., through RACF attributes like SPECIAL or AUDITOR) or to a program (e.g., by being APF-authorized, running in Key 0, or being defined in the Program Properties Table - PPT).
  • Granular Levels: z/OS supports various levels of authorization, from basic resource access (e.g., READ, UPDATE on a dataset) to highly privileged states like Supervisor State, Key 0, or APF-authorization.
  • System Integrity: Elevated privileges are fundamental for the operating system and core utilities to perform critical functions, such as managing memory, I/O, and security, ensuring the overall stability and integrity of the system.
  • Security Implications: Improper or unauthorized privilege elevation poses a significant security risk, potentially allowing unauthorized access to sensitive data, system disruption, or circumvention of security controls.
  • Dynamic or Static: Privilege can be elevated statically (e.g., a program permanently residing in an APF-authorized library) or dynamically (e.g., a program requesting specific authorization for a temporary task).

Use Cases

• • System Utilities Execution: Core z/OS utilities like IDCAMS, DFSMSdss, or IEBGENER often run APF-authorized to perform operations on system datasets, manage storage, or manipulate critical system resources.
  • Security Product Operation: External Security Managers (ESMs) themselves require the highest levels of privilege to manage security definitions, validate user credentials, and enforce access controls across the entire system.
  • Database Management Systems: DB2 and IMS subsystems operate with elevated privileges to manage their address spaces, perform low-level I/O operations on raw disk, and interact with the z/OS kernel for resource allocation.
  • Middleware Services: Application servers like CICS or WebSphere Application Server for z/OS require specific authorizations to manage transactions, access protected resources, or interface with other privileged subsystems.
  • Custom System Exits: User-written exits or system services that need to perform sensitive operations, such as modifying system control blocks or accessing restricted memory areas, must be designed to run with appropriate authorization.

Related Concepts