Update RACF for the agent for z/OS started task
This section describes how to define the agent for z/OS to your security system.
If your installation protects data and resources from unauthorized use, you must define the agent for z/OS to your security system. This section assumes that the Resource Access Control Facility (RACF®) is installed and active on your z/OS® system. It describes the activities you must perform to define and enable the security environment for the agent for z/OS.
RACF controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
- The agent for z/OS address space that accesses data sets used by the work it schedules, and that submits work and issues JES commands.
- The USER parameter on the JOB card of a batch job to be submitted.
Controlling the user ID of the address space
Since the agent for z/OS runs as a started task, you must associate the cataloged procedure name with a suitably authorized RACF user. The user ID must be defined in the STARTED resource class.
Controlling the user ID of submitted jobs
- Normal production jobs, which are submitted from a HCL Workload Automation plan.
- Ad-hoc jobs, which you can submit directly using the Dynamic Workload Console or conman.
- You can submit work with the authority of the agent for z/OS address space. The job is given the same authority as the agent for z/OS.
- You can include a password in the JCL to propagate the authority of a particular user.
Protecting data sets
- The internal reader (EELBRDS)
- The diagnostic data sets (EELDUMP and SYSDUMP)
- The event data sets (EELEVDS and EELHTDS)
- The service data set (EELHTREF)
- The message library (EELMLIB)
- The message log (EELMLOG)
- The parameter library (EELPARM)
- The data sets monitoring list (EELJCLIB)
Moreover, software support people must be able to debug problems and reorganize files. You might give them alter access to all the product data sets.