The STARTED class

The purpose of the RACF® STARTED class is to assign RACF identities to started procedures to give the started procedures authority to access RACF-protected resources. The STARTED profile for a procedure can specify that the procedure is "trusted", and therefore can bypass security checking.

A "trusted" procedure can be assigned either the trusted attribute or the privileged attribute. Both of these attributes allow the procedure to bypass RACF authorization checking. The trusted attribute indicates that auditing of the access should not be bypassed. The privileged attribute causes auditing to be bypassed. Therefore, in a multilevel-secure system, use the trusted attribute instead of the privileged attribute for bypassing RACF authorization checking. Because authorization checking is bypassed, the audit options associated with individual resources are ignored. Use the SETROPTS LOGOPTIONS command or assign the UAUDIT attribute to the user ID associated with the started procedure to request auditing.

Profiles in the STARTED class have a segment, STDATA, that contains fields for the trusted and privileged attributes. You should have defined profiles in the STARTED class for all of your started procedures when you installed RACF, but you might have specified the privileged attribute for some started procedures. If you have defined profiles in the STARTED class, check them for any profiles that define started procedures to be privileged. If you find any, update the profiles to define the started procedures as trusted.

For information about the STARTED class, see z/OS Security Server RACF Security Administrator's Guide.

The started procedures table is an alternative to the STARTED class that you can use to assign RACF identities to started procedures and jobs. Check your started procedures table for procedures that are defined to be privileged, and if you find any, change them from privileged to trusted.

For information about the started procedures table, see z/OS Security Server RACF System Programmer's Guide.