Assigning the RACF TRUSTED attribute
You can use RACF® to assign the TRUSTED attribute to key started procedures and address spaces. Doing so generally allows the started procedure or address space to bypass RACF authorization checking and to successfully access or create any resource it needs.
A trusted started procedure or address space is treated as a z/OS® UNIX superuser if a z/OS UNIX user identifier (UID) is assigned to it in the OMVS segment, even when the assigned UID is not 0.
- Assign the TRUSTED attribute when one of the following conditions applies:
- The started procedure or address space creates or accesses a wide variety of unpredictably named data sets within your installation.
- Insufficient authority to an accessed resource might risk an unsuccessful IPL or other system problem.
- Avoid assigning TRUSTED to a z/OS started procedure or address space unless it is listed here or you are instructed to do so by the product documentation.
- CEA for z/OSMF ISPF applications
- JES2 or JES3
- APSWPROA, APSWPROB, APSWPROC, APSWPROM, or APSWPROT
- CEA (optional for everything except z/OSMF ISPF applications)
For more information, see Associating started procedures and jobs with user IDs in z/OS Security Server RACF System Programmer's Guide, and Using started procedures in z/OS Security Server RACF Security Administrator's Guide.