DFSMShsm must be able to bypass RACF® during migration and backup of user data sets. You must, therefore,
define DFSMShsm to RACF and
give it the necessary level of authority. You do this by defining
an entry in the RACF started-procedures
module ICHRIN03, which contains the DFSMShsm startup procedure name
and a user ID that you define to RACF by
an ADDUSER command. Do not define this user ID with the automatic
data set protection (ADSP) attribute.
The following is an example of the RACF command you can use to define DFSMShsm to RACF.
ADDUSER (hsmid) DFLTGRP (grpname)
In this example,
hsmid is the user ID specified
in the RACF started-procedure
module ICHRIN03. The default group name is not important, but if it
is not specified, RACF sets
it to the current connect group of the user issuing the command.
Note: - The user who issues the ADDUSER command must have the RACF SPECIAL attribute.
- The UID parameter in the DFSMShsm startup procedure is not related
to the RACF user ID.
- If you are using remote sharing functions (RRSF) to propagate RACF commands to remote hosts,
it is suggested that the RACF user
ID for DFSMShsm be defined with the SPECIAL and OPERATIONS attributes
on all recipient systems.