A started procedure can gain access to RACF-protected resources
in the following ways:
- By the user ID or group name assigned as for any other user of
the system (for example, universal access, entry and access list,
and OPERATIONS).
- By having the privileged attribute, which allows
the started procedure to pass all authorization checking (unless the
CSA or PRIVATE operand is specified on the RACROUTE request). No installation
exits are called, no SMF records are generated, and no statistics
are updated. (Note that bypassing authorization checking includes
bypassing the checks for security classification of users and data.)
- By having the trusted attribute, which means the same as privileged,
except that you can request an audit using the SETROPTS LOGOPTIONS
command.