z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Processing profiles and resources

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

IRRRID00 creates commands that change the protection of your resources. You should make sure that the resources protected by the RACF® profiles that are being altered or deleted have been properly renamed, deleted, or protected by other RACF profiles.

A resource that was protected by a profile that IRRRID00 has deleted is now protected by another less specific profile, your installation's PROTECTALL value (for data sets only), or any installation exits.

When IRRRID00 generates a DELDSD command to remove a profile for a discrete data set, it uses the NOSET operand, which leaves the RACF-indicated bit on in the VTOC.

Any data sets that have a high-level qualifier (HLQ) of a user ID or a group name that no longer exists should be archived or assigned new high-level qualifiers. You should consider renaming the data sets to another HLQ to ensure that they have proper protection and ownership.

DFSMSdss (or equivalent) can be used to delete or rename data sets. With appropriate profiles in the RACF FACILITY class, you can use the ADMIN option on DFSMSdss commands:
  • COPY with delete and rename unconditional
  • DUMP with delete followed by RESTORE with rename unconditional.
DFSMSdss also provides the following special patch flags, which are effective only when ADMIN is used:
  • Changing Default Protection Status During Restore
    Offset 13
    Turns off the RACF indicator in the volume table of contents
  • Bypass Storage and Management Class Authorization Checking During Restore
    Offset 16
    Bypass failures due to the owner of the resource being a revoked user ID
  • Bypass Storage and Management Class Authorization Checking During Copy
    Offset 3C
    Bypasses failures due to the owner of the resource being a revoked user ID
  • Allow COPY with DELETE of RACF Indicated Data Sets and No Discrete Profile
    Offset 3D
    Requests a warning instead of an error condition

For more information about DFSMSdss commands, patch flags, the ADMIN option, and use of appropriate FACILITY profiles, see z/OS DFSMSdss Storage Administration.

Parent topic: Using the RACF remove ID (IRRRID00) utility

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014