Authorization Installation Exit Routine (ADRUPSWD)

DFSMSdss supports authorization checking of password- and RACF-protected data sets and volumes. DFSMSdss provides an exit routine to allow you to control or override the authorization checks (RACF, password, or operator) done by DFSMSdss.

The ADRUPSWD exit is not called if any of the following is true:

DFSMSdss is APF-authorized (when DFSMSdss is called by an APF-authorized program or invoked from an APF-authorized library using JCL) and NOPASS is specified on the PPT statement in the SCHEDxx parmlib member. The PPT statement defines the program properties table.
The user has the proper level of RACF DASDVOL authority.
For DEFRAG or CONSOLIDATE, if a RACF DASDVOL profile exists for the volume that is being processed. If the DASDVOL profile exists at all, either it allows the volume to be accessed (so there is no need to call the exit), or it causes the DEFRAG or CONSOLIDATE task to fail with a 913 abend (so DFSMSdss cannot call the exit).

Otherwise, the exit routine supplied with DFSMSdss causes DFSMSdss to perform the following processing:

Not relocate protected data sets for which you do not have read access during DEFRAG or CONSOLIDATE. You must supply a password for each protected data set.
Check authorization at the data set level for all functions and CONVERTV.

Note: DASDVOL is not supported for system-managed volumes.

If a data set is protected by using both RACF and a password, only RACF checking is done. Authorization for password-protected non-VSAM data sets is checked by comparing the user-supplied password to that in the PASSWORD data set. Authorization for VSAM data sets is also checked. The authorization check for VSAM data sets not cataloged in the integrated catalog facility catalog fails if the data set has more than 16 extents.

You can use the authorization exit to bypass authorization checking and improve DFSMSdss performance. However, there is a trade-off between security and performance.