Security considerations

For security purposes, the data set tracks used before the relocation are erased after relocation under these conditions:

When the z/OS® Security Server (RACF® element) is installed and either:
- The data set was defined to RACF with the RACF ERASE option
- The VSAM data set has the ERASE attribute
- The data set is password protected. (In this case, if the data set is also defined to RACF, the RACF ERASE option is taken. Table 1 provides more detail.)

Table 1. Data Set Erase Table for DEFRAG with z/OS Security Server (RACF element).
	Password Protected	Defined ERASE	RACF Protected	Erased on Scratch
User Install Exit=ERASE (default)	No	No	No	No
	Yes	No	No	Yes
		Yes	No	Yes
	No	No	Yes (=ERASE)	Yes
	No	No	Yes (=NOERASE)	No
	No	Yes	Yes (=ERASE)	Yes
	No	Yes	Yes (=NOERASE)	Yes
	Yes	Yes	Yes (=ERASE)	Yes
	Yes	Yes	Yes (=NOERASE)	Yes
User Install Exit=NOERASE	No	No	No	No
Note: The catalog entry contains the ERASE attribute specified when the data set was defined (VSAM only).

The data set tracks that were used before the relocation are also erased after relocation if you have specified the ADMINISTRATOR keyword. This occurs whether the tracks are part of the erase-on-scratch data set or not.

You can prevent the tracks from being erased by using the installation options exit routine.

The DEFRAG function does not relocate protected data sets unless:

You have RACF DASDVOL update access to the volume.
You have RACF DATASET read access to the data sets on the volume.
You specify the read or update password for password-protected data sets, or the Installation Authorization Exit Routine supplied with DFSMSdss is changed to allow relocation of protected data sets.

When RACF DASDVOL class is active and a profile exists for the volume, a DASDVOL authorization failure causes the DEFRAG task to abend with a system code 913. This happens regardless of RACF data set access authority.

For more information about the installation options exit routine, refer to z/OS DFSMS Installation Exits.