z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Protecting DFP-managed temporary data sets

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can protect DFP-managed temporary data sets. Normally, these data sets are considered protected from any accesses except by the job or session that created them, and therefore do not need to be protected by RACF®. However, the following situations could leave a temporary data set unprotected:
  • A system failure
  • An initiator failure or initiator termination by the FORCE command
  • An automatic restart - between the failure and the restart

In these cases, if the TEMPDSN class is active, only users with the OPERATIONS attribute can scratch any residual DFP-managed temporary data sets remaining on a volume.

Note: The user with the OPERATIONS attribute can access the data set only to scratch the data set. No other access is allowed (such as would be allowed by READ or UPDATE access authority to the data set).
To activate the TEMPDSN class, enter: 
SETROPTS CLASSACT(TEMPDSN)
When you share the RACF database with a downlevel system running z/OS V1R12 or earlier, avoid activating the TEMPDSN class when current users or jobs are using temporary data sets. It might cause users or jobs on the downlevel system to receive an ABEND, as shown in the following scenario:
  1. The job or user on the downlevel system allocates a temporary data set.
  2. You activate the TEMPDSN class.
  3. The job or user opens the data set.
  4. Because activating the TEMPDSN class restricts the authority to open a temporary data set, the user or job receives an ABEND.
Parent topic: Protecting general resources

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014