z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


JCL parameters related to RACF

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

This topic summarizes the JCL parameters that relate to RACF®. For complete information, see z/OS MVS JCL Reference.
  • On the JOB statement:
    • USER parameter: Specify this parameter if user ID propagation is not used or if the user is submitting a job for another user.
    • PASSWORD parameter: Specify this parameter only when absolutely necessary. Specifying this parameter in JCL exposes the password to potential misuse.
      Note: If a JOB statement contains a RACF password, you should establish procedures to ensure the security of the JOB statement. For example, ensure that printed job logs are kept secure.

      JES suppresses the printing of passwords in output listings.

    • GROUP parameter: Specify this parameter only if list-of-groups processing is not in effect and if the user wants the job to run with a group other than the user's default group.
    • SECLABEL parameter: Specify this parameter if the job is to run with a security label other than the user's current security label.

      If user ID propagation is used, all of these parameters are optional. Also, a TSO SUBMIT installation exit, TSO, or other procedures for handling batch jobs can place the RACF parameters on the JOB statement.

  • On the DD statement:
    • PROTECT parameter.
    • LABEL parameter.
    • MGMTCLAS parameter.
    • STORCLAS parameter
    • DSNAME parameter: Use the DSNAME parameter to assign a temporary data set name to an in-stream data set and to a SYSOUT data set. This name can be specified as a qualifier in JESSPOOL profile names. For more information, see Defining profiles for SYSIN and SYSOUT data sets.

      When creating new data sets or tape volumes that require a new discrete profile, specify PROTECT=YES to automatically define the discrete profile.

      Note: If the data set being created is adequately covered by a generic profile, do not use the PROTECT parameter because this forces the creation of a discrete profile.
    • SECMODEL parameter: When creating new data sets or tape volumes that require a new discrete profile, specify the SECMODEL parameter to copy an existing data set profile to the new discrete data set profile.
      Note: If the data set being created is adequately covered by a generic profile, do not use the SECMODEL parameter because this forces the creation of a discrete profile.
  • On the OUTPUT statement:
    • DPAGELBL parameter: With PSF for z/OS® is installed, use the DPAGELBL parameter to indicate whether the system should print information related to the job's security label on each page of printed output.
    • SYSAREA parameter: use the SYSAREA parameter to indicate whether the system should reserve an area on each page of printed output for information related to the security label.
Parent topic: Operating considerations

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014