z/OS Security Server RACF Security Administrator's Guide


Protecting the RACF database

SA23-2289-00

It is very important that the data sets containing the primary and backup databases are properly protected. You should also ensure that other data sets containing RACF® database information, such as backup copies and unloaded versions of the RACF database, are protected. In protecting these data sets, ensure that only those users who have a definite job-related need to read or update the data have access. No other users should have access to the data sets containing your RACF databases.
  • These data sets should be protected with data set profiles that specify UACC(NONE), NOWARNING, and ERASE. The profiles should not have ID(*) in the access list. The NOTIFY user ID should be the RACF security administrator. System programmers who need to use the block update command (BLKUPD) to repair the RACF database must have UPDATE authority to the database. System programmers and others who need to run IRRUT400 or IRRUT200 to copy the database will need READ authority (or UPDATE, if using the LOCKINPUT or UNLOCKINPUT parameters of IRRUT400). Anyone who needs to run IRRDBU00 against a RACF database will also need UPDATE access, but it might be better to give them READ access and have them make a copy of the database using IRRUT200, then run IRRDBU00 against the copy.
  • If the installation uses profiles in the DASDVOL class to allow access to volumes, you should strictly limit the number of users who have READ access authority to the volumes that hold the data sets containing the RACF database. For more information, see DASD volume authority.
Note: If making a copy of the database for the purpose of running IRRDBU00, be sure to protect the copy as you would the database itself, including the use of ERASE.
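
The profile settings listed above, written out as RACF commands in a TSO batch job. This is an added example, not taken from the IBM guide: the data set names, the user IDs SECADM and SYSPROG1, the group DBCOPY, the job card, and the choice of fully qualified generic profiles are all assumptions, and it assumes no profiles for these names exist yet (ALTDSD would change existing ones).

```jcl
//RACFPROT JOB (ACCT),'PROTECT RACF DB',CLASS=A,MSGCLASS=X
//*
//* Added example with hypothetical names (not from the IBM guide):
//*   SYS1.RACF.PRIMARY / SYS1.RACF.BACKUP  primary and backup database
//*   SYS1.RACF.DBUCOPY   IRRUT200 copy used as input to IRRDBU00
//*   SECADM              RACF security administrator (NOTIFY target)
//*   SYSPROG1            system programmer who repairs with BLKUPD
//*   DBCOPY              group that copies and unloads the database
//*
//* Each profile gets UACC(NONE), NOWARNING and ERASE, and no ID(*)
//* entry is ever permitted. ERASE in a profile is honored only when
//* erase-on-scratch is active system-wide (SETROPTS ERASE).
//*
//* Access granted:
//*   SYSPROG1 UPDATE on the live database (BLKUPD repairs)
//*   DBCOPY   READ on the live database (IRRUT200 / IRRUT400 copy)
//*   DBCOPY   UPDATE on the copy only (write it, run IRRDBU00 on it)
//*
//* The LISTDSD commands at the end print each profile for review.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDSD 'SYS1.RACF.PRIMARY' GENERIC UACC(NONE) NOWARNING ERASE -
        NOTIFY(SECADM)
  ADDSD 'SYS1.RACF.BACKUP'  GENERIC UACC(NONE) NOWARNING ERASE -
        NOTIFY(SECADM)
  ADDSD 'SYS1.RACF.DBUCOPY' GENERIC UACC(NONE) NOWARNING ERASE -
        NOTIFY(SECADM)
  PERMIT 'SYS1.RACF.PRIMARY' GENERIC ID(SYSPROG1) ACCESS(UPDATE)
  PERMIT 'SYS1.RACF.BACKUP'  GENERIC ID(SYSPROG1) ACCESS(UPDATE)
  PERMIT 'SYS1.RACF.PRIMARY' GENERIC ID(DBCOPY) ACCESS(READ)
  PERMIT 'SYS1.RACF.BACKUP'  GENERIC ID(DBCOPY) ACCESS(READ)
  PERMIT 'SYS1.RACF.DBUCOPY' GENERIC ID(DBCOPY) ACCESS(UPDATE)
  LISTDSD DATASET('SYS1.RACF.PRIMARY') GENERIC ALL
  LISTDSD DATASET('SYS1.RACF.BACKUP')  GENERIC ALL
  LISTDSD DATASET('SYS1.RACF.DBUCOPY') GENERIC ALL
/*
```

In the LISTDSD output, confirm that universal access is NONE, that the erase and notify settings are shown, and that the access list contains no * entry.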





Copyright IBM Corporation 1990, 2014