z/OS DFSMShsm Managing Your Own Data


What is RACF protection?

SC23-6870-00

RACF® is a program that protects data sets from unauthorized access by enabling you to define who can access your data sets and what functions they can perform on the data sets. RACF uses the information in a data set profile to determine whether a user is authorized to access the data set.

You can protect data sets with either separate RACF generic data set profiles or RACF discrete data set profiles. A RACF generic data set profile describes one or more data sets that have a similar name structure. A RACF discrete data set profile describes a specific data set on a particular volume.

DFSMShsm optionally creates a backup profile for the most recent backup version of a cataloged data set if the data set was protected with a RACF discrete profile at the time of the backup. DFSMShsm maintains only one backup profile for all backup versions of the cataloged data set. When all backup versions of the data set are scratched, the related backup profile is also scratched.

If the data set had a RACF discrete profile when it was backed up, DFSMShsm recovers the profile if it finds, when recovery is attempted, that the profile no longer exists.

If the data set had a RACF discrete profile when backed up and you specify NEWNAME, DFSMShsm creates a RACF discrete profile for the new name data set.

The following table lists the level of RACF resource access authority that you need to access and perform the DFSMShsm function on a RACF-protected data set. If you are not authorized to manipulate the data, DFSMShsm fails the command.

| DFSMShsm User Command | DFSMShsm Function | RACF Resource Access Authority Required |
| --- | --- | --- |
| HALTERDS | Changes the backup frequency and the number of backup versions kept for one or more data sets. Cannot be used on SMS-managed data sets, which are controlled by the data set's management class parameters. If used on SMS-managed data sets, the command fails and an error message is issued. | ALTER |
| HBACKDS | Creates a backup version of one or more data sets. | UPDATE |
| HBDELETE | Deletes specific backup versions of one or more data sets. | ALTER |
| HDELETE | Deletes one or more migrated data sets. | ALTER |
| HMIGRATE | Migrates one or more data sets. | UPDATE |
| HRECALL | Recalls one or more migrated data sets. | EXECUTE |
| HRECOVER | Recovers, without the NEWNAME parameter, a backup version of one or more data sets. | ALTER. If profile recovery is necessary, you also need authority to create a RACF discrete profile for the recovered data set. |
| HRECOVER | Recovers, with the NEWNAME parameter, a backup version of one or more data sets. | READ authority to the data set being recovered. ALTER authority to the new name data set. If profile recovery is necessary, you also need authority to create a RACF discrete profile for the new name data set. |

For more information on the use of RACF, see z/OS Security Server RACF Security Administrator's Guide.





Copyright IBM Corporation 1990, 2014