If the Resource Access Control Facility (RACF*), a component of the Security Server for OS/390, is active, these considerations apply:

• You must have valid RACF authorization to access any RACF-defined data sets with IEHMOVE. ALTER authorization is required to access the source data set for a MOVE function, as the source data set is scratched. When moving a volume or group of data sets, you must have adequate access authorization to all of the RACF-protected data sets on the volume or in the group.
• If you have the RACF ADSP attribute and IEHMOVE is to allocate space for the receiving data set, that data set will be automatically defined to RACF. If the data set does not have your userid as the first level qualifier, at least one of these conditions must be met:
  1. You specify MOVE or COPY with RENAME so that the first level qualifier is the correct userid,
  2. The data set being moved or copied is a group data set and you are connected to the group with CREATE authority, or
  3. You have the OPERATION attribute.
• If COPYAUTH is specified and the input data set is RACF-protected (whether or not you have the ADSP attribute) and the output data set is not preallocated, then the receiving data set of a MOVE or COPY operation is given a copy of the input data set's RACF protection access list during allocation, governed by the same restrictions for defining a data set for a user with the ADSP attribute. You must have ALTER access authorization to the input data set to either MOVE or COPY using COPYAUTH.
• The temporary work files are allocated with the nonstandard names of **SYSUT1.T<time>, **SYSUT2.T<time>, and **SYSUT3.T<time>. These names must be included as valid data set names in the RACF Naming Convention Table if that option is being used.