Using EXECUTE access for programs and libraries in ENHANCED mode
This topic addresses only the differences caused by running in ENHANCED program security mode. Refer to More complex controls: Using EXECUTE access for programs or libraries (BASIC mode) for additional information.
Just as with PADS, ENHANCED program security mode puts additional restrictions on the use of execute-controlled programs. It does not matter whether they are execute-controlled because the user has EXECUTE via a PROGRAM profile or via a DATASET profile; RACF® treats both forms of execute-control the same for this purpose.
When running in BASIC program security mode, RACF allows access to execute-controlled programs
only when the UACC or access list allowed the access and the user
had a clean (controlled) program environment. When running in ENHANCED
program security mode, just as with PADS, RACF has an additional requirement. One of the
following must be true:
- The program that established the current program environment has the MAIN attribute
- The current program or the first program executed in the current or a parent MVS™ task has the BASIC attribute