Defining profile data

Profiles in the STARTED class include the STDATA segment, which contains fields for user ID, group name, trusted flag, privileged flag, and trace flag:
  • The user ID can be a RACF® user ID or the character string =MEMBER, which indicates that the member name is to be used as the user ID.
  • The group name can be a RACF group name or the character string =MEMBER, which indicates that the member name is to be used as the group name.
  • If tracing is specified, RACF issues operator message IRR812I during RACROUTE REQUEST=VERIFY or VERIFYX to indicate which profile is used.

    This message can be used during diagnosis of security problems with started procedures, to determine which profile was used for a particular started procedure.

RACF performs partial diagnosis when creating the STDATA segment to help you define profiles that work correctly. For example, RACF verifies that a specified user ID is connected to the group name, if specified.

Attention:
  • Be sure to specify a group name (not =MEMBER) as the GROUP value of the STDATA segment, if both of the following are true:
    1. The profile name contains generic characters (*, %, or &).
    2. The USER value of the STDATA segment is the character string =MEMBER.
    If you do not specify a group name, a new started procedure or job could be assigned on execution to a user ID that matches an existing user ID on your system. Consider defining a special group (for example, STCGROUP) for started procedures and job user IDs, and using this group name as the GROUP value of the STDATA segment.
  • In addition, be careful which libraries your started procedures come from and do not let your users update them. Refer to the JES customization manuals for information on specifying procedure libraries.
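
The following is an added example, not part of the original documentation or any IBM-supplied code. It audits a list of STARTED profiles for the case in the first Attention item: a generic profile name with USER set to =MEMBER and no explicit group name. The StartedProfile record, the function names, and the sample profiles are assumptions made for illustration; populate the records from whatever listing of your STDATA segments you have.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

GENERIC_CHARS = frozenset("*%&")  # generic characters listed in the Attention note
MEMBER = "=MEMBER"


@dataclass
class StartedProfile:
    """Hypothetical record holding the STDATA fields this check needs."""
    name: str             # STARTED profile name
    user: Optional[str]   # STDATA USER value
    group: Optional[str]  # STDATA GROUP value, None when not specified


def _norm(value: Optional[str]) -> str:
    # Treat missing and blank values alike; compare in uppercase.
    return (value or "").strip().upper()


def finding(p: StartedProfile) -> Optional[str]:
    """Return a reason if the profile matches the Attention case, else None."""
    generic = any(ch in GENERIC_CHARS for ch in p.name)
    if not generic or _norm(p.user) != MEMBER:
        return None  # the note applies only when both conditions hold
    group = _norm(p.group)
    if not group:
        return "generic profile with USER(=MEMBER) and no GROUP"
    if group == MEMBER:
        return "generic profile with USER(=MEMBER) and GROUP(=MEMBER)"
    return None  # an explicit group name is specified


def audit(profiles: List[StartedProfile]) -> List[Tuple[str, str]]:
    """Return (profile name, reason) for every profile that needs a group name."""
    return [(p.name, r) for p in profiles if (r := finding(p))]


# Constructed sample data, not taken from a real system.
SAMPLE = [
    StartedProfile("CICS*.*", "=MEMBER", None),         # flagged: GROUP omitted
    StartedProfile("DB2%MSTR.*", "=MEMBER", "=MEMBER"),  # flagged: GROUP is =MEMBER
    StartedProfile("IMS*.*", "=MEMBER", "STCGROUP"),    # ok: explicit group name
    StartedProfile("JES2.JES2", "=MEMBER", None),       # ok: name is not generic
    StartedProfile("NET*.*", "STCNET", None),           # ok: fixed user ID
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```
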