z/OS DFSMS Using Data Sets


Hiding Data Set Names

SC23-6855-00

To ensure that your enterprise's information is protected, the security administrator can enable RACF name-hiding for those data sets that contain critical information. When name-hiding is in effect, you cannot obtain a data set's name unless you have at least READ authority to that data set. If you have access to the RACF FACILITY class profile STGADMIN.IFG.READVTOC.volser for the volume's VTOC, you can see all data sets on the volume, including the ones for which you do not have RACF READ authority. If you do not have access to STGADMIN.IFG.READVTOC.volser for a volume, you can display only the data sets on it for which you have specific READ access.

Restriction: The catalog search interface (CSI) treats fully qualified data set names like generic names. Therefore, if you use the CSI to request a fully qualified data set name with name-hiding active, the data set name is hidden unless you have at least READ access to the data set.

Name hiding will only work if one of the following is true:
  • The data set is protected by a generic profile
  • The user has created a MODEL profile in the DATASET class that matches the dsname
  • The user has created a discrete profile in the DATASET class that matches the dsname and has a volser of MIGRAT (this requires using the NOSET option of ADDSD).

For user tape data sets, name hiding will only work if one of the following is true:
  • The TAPEVOL class is active with a TAPEVOL profile defined
  • SETR TAPEDSN is active with a DATASET profile (or SETR PROTECTALL(FAIL))

Otherwise the data set has no protection. Anyone can read it, write it, or list it via LISTCAT.
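
The conditions above, written out as the RACF commands an administrator would issue. This REXX exec is an added example, not part of the IBM topic. The data set names, volume VOL001, tape T00001, group STGGRP, unit 3390 and the ACCESS(READ) level on the FACILITY profile are constructed placeholders or assumptions. SETROPTS MLNAMES is the RACF option that turns name-hiding on, and the exec assumes generic profile checking for the DATASET class is already active.

```rexx
/* REXX - added example: RACF setup for name-hiding.                 */
/* All names, volumes and IDs below are constructed placeholders.     */

/* Activate name-hiding (issuer needs the RACF SPECIAL attribute).    */
call run "SETROPTS MLNAMES"

/* VTOC override: users permitted to this FACILITY profile can see    */
/* every data set name on VOL001. Keep UACC(NONE) and permit only     */
/* the storage administration group (READ level is an assumption).    */
call run "RDEFINE FACILITY STGADMIN.IFG.READVTOC.VOL001 UACC(NONE)"
call run "PERMIT STGADMIN.IFG.READVTOC.VOL001 CLASS(FACILITY)",
         "ID(STGGRP) ACCESS(READ)"
/* Refresh is needed only when the FACILITY class is RACLISTed.       */
call run "SETROPTS RACLIST(FACILITY) REFRESH"

/* DASD data sets: a generic profile is the simplest qualifying case. */
call run "ADDSD 'PAYROLL.*' UACC(NONE)"

/* Discrete profile case: volser MIGRAT with NOSET, so the VTOC       */
/* RACF indicator is left untouched. NOSET needs UNIT and VOLUME.     */
call run "ADDSD 'PAYROLL.MASTER.FILE' UNIT(3390) VOLUME(MIGRAT)",
         "NOSET UACC(NONE)"

/* Tape, option 1: TAPEVOL class active with a TAPEVOL profile.       */
call run "SETROPTS CLASSACT(TAPEVOL)"
call run "RDEFINE TAPEVOL T00001 UACC(NONE)"

/* Tape, option 2: TAPEDSN active with a covering DATASET profile.    */
call run "SETROPTS TAPEDSN"
call run "ADDSD 'PAYROLL.TAPE.*' UACC(NONE)"

/* Check the result: options in effect and the profile that covers    */
/* a given data set name.                                             */
call run "SETROPTS LIST"
call run "LISTDSD DATASET('PAYROLL.MASTER.FILE') GENERIC"
exit 0

/* Issue one TSO command and report a non-zero return code.           */
run: procedure
  parse arg cmd
  address TSO cmd
  if rc <> 0 then say 'RC='rc 'from:' cmd
  return rc
```

A data set that matches none of these profile cases keeps its name visible even with MLNAMES set, so review LISTDSD output for each sensitive high-level qualifier after the change.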

Neither the CVAF macro nor the DADSM OBTAIN macro provides the name-hiding function to calling programs that are APF-authorized or running in supervisor state or key zero when name-hiding is active. In the name-hiding environment, these authorized programs can request name hiding by turning on the cv4nmhid flag in the CVAF parameter list (CVPL) for CVAF requests or by turning on byte 2 bit 3 (mask X'10') in the OBTAIN parameter list for DADSM OBTAIN seek requests.

Related reading: For more information on name-hiding and RACF protection of data set names, see z/OS DFSMS Using the New Functions and z/OS Security Server RACF Security Administrator's Guide.





Copyright IBM Corporation 1990, 2014