You can use RACF® to assign
the TRUSTED attribute to key started procedures and address spaces.
Doing so generally allows the started procedure or address space to
bypass RACF authorization checking
and to successfully access or create any resource it needs.
A trusted started procedure or address space is treated as a z/OS® UNIX superuser
if a z/OS UNIX user identifier (UID) is assigned to it
in the OMVS segment, even when the assigned UID is not 0.
Guidelines:
- Assign the TRUSTED attribute when one of the following conditions applies:
  - The started procedure or address space creates or accesses a wide
    variety of unpredictably named data sets within your installation.
  - Insufficient authority to an accessed resource might risk an unsuccessful
    IPL or other system problem.
- Avoid assigning TRUSTED to a z/OS started procedure or address space
  unless it is listed here or you are instructed to do so by the product
  documentation.
Optional candidates for the TRUSTED attribute include the following:
- APSWPROA, APSWPROB, APSWPROC, APSWPROM, or APSWPROT
- CEA (optional for everything except z/OSMF ISPF applications)
- DFHSM
- DFS
- GPMSERVE
- OMVS
- SMSVSAM
- zFS
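The guidelines above can be applied with RACF commands against the STARTED class. The commands below are an added example, not part of the original page. The user IDs, group names, and the MYAPP and OLDTASK procedure names are assumed for illustration; substitute the values used in your installation.

```tso
/* Added example. Assumed names: OMVSKERN, OMVSGRP, MYAPPID, MYAPPGRP, */
/* and the procedures MYAPP and OLDTASK.                               */

/* OMVS is in the candidate list: define its STARTED entry as trusted. */
RDEFINE STARTED OMVS.* STDATA(USER(OMVSKERN) GROUP(OMVSGRP) TRUSTED(YES))

/* MYAPP is not in the list and its documentation does not ask for     */
/* TRUSTED: keep normal RACF authorization checking for it.            */
RDEFINE STARTED MYAPP.* STDATA(USER(MYAPPID) GROUP(MYAPPGRP) TRUSTED(NO))

/* Refresh the in-storage STARTED profiles so the changes take effect. */
SETROPTS RACLIST(STARTED) REFRESH

/* Verify: list only the STDATA segment and check the TRUSTED setting. */
RLIST STARTED OMVS.* STDATA NORACF
RLIST STARTED MYAPP.* STDATA NORACF

/* Review finding: OLDTASK was defined as trusted without meeting the  */
/* guidelines. Remove the attribute and refresh again.                 */
RALTER STARTED OLDTASK.* STDATA(TRUSTED(NO))
SETROPTS RACLIST(STARTED) REFRESH
```

After removing TRUSTED from an entry, the assigned user ID needs explicit permissions to every resource the started procedure uses, so test the change before the next IPL.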
For more information, see "Associating started procedures and jobs with user IDs" in z/OS Security Server RACF System Programmer's Guide, and "Using
Started Procedures" in z/OS Security Server RACF Security Administrator's Guide.