This topic summarizes the JCL parameters that relate to RACF®. For complete information,
see
z/OS MVS JCL Reference.
- On the JOB statement:
- USER parameter: Specify this parameter if user ID propagation
is not used or if the user is submitting a job for another user.
- PASSWORD parameter: Specify
this parameter only when absolutely necessary. Specifying this
parameter in JCL exposes the password to potential misuse.
Note: If
a JOB statement contains a RACF password,
you should establish procedures to ensure the security of the JOB
statement. For example, ensure that printed job logs are kept secure.
JES
suppresses the printing of passwords in output listings.
- GROUP parameter: Specify this parameter only if list-of-groups
processing is not in effect and if the user wants the job to
run with a group other than the user's default group.
- SECLABEL parameter: Specify this parameter
if the job is to run with a security label other than the user's current
security label.
If user ID propagation is used, all of these parameters
are optional. Also, a TSO SUBMIT installation exit, TSO, or other
procedures for handling batch jobs can place the RACF parameters on the JOB statement.
- On the DD statement:
- PROTECT parameter.
- LABEL parameter.
- MGMTCLAS parameter.
- STORCLAS parameter
- DSNAME parameter: Use the DSNAME parameter
to assign a temporary data set name to an in-stream data set and to
a SYSOUT data set. This name can be specified as a qualifier in JESSPOOL
profile names. For more information, see Defining profiles for SYSIN and SYSOUT data sets.
When
creating new data sets or tape volumes that require a new discrete
profile, specify PROTECT=YES to automatically define the discrete
profile.
Note: If the data set being created is adequately covered
by a generic profile, do not use the PROTECT parameter because this
forces the creation of a discrete profile.
- SECMODEL parameter: When creating new data
sets or tape volumes that require a new discrete profile, specify
the SECMODEL parameter to copy an existing data set profile to the
new discrete data set profile.
Note: If the data set being created
is adequately covered by a generic profile, do not use the SECMODEL
parameter because this forces the creation of a discrete profile.
- On the OUTPUT statement:
- DPAGELBL parameter: With PSF for z/OS® is installed, use the DPAGELBL
parameter to indicate whether the system should print information
related to the job's security label on each page of printed output.
- SYSAREA parameter: use the SYSAREA parameter
to indicate whether the system should reserve an area on each page
of printed output for information related to the security label.