z/OS DFSMSdfp Storage Administration
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using JCL or dynamic allocation to extract the security label from the RACF user's profile

z/OS DFSMSdfp Storage Administration
SC23-6860-01

Before you begin: Specify the DD SECMODEL or DD PROTECT=YES parameter in the JCL or dynamic allocation to extract the security label from the RACF® user's profile. Otherwise, the security label is extracted from the data set profile. For information about using JCL statements, see z/OS MVS JCL Reference. For information about using dynamic allocation, see z/OS MVS Programming: Authorized Assembler Services Guide.

Perform the following step to extract the security label from the user's profile:

  1. Specify the DD SECMODEL or DD PROTECT parameter in the JCL or dynamic allocation, then submit the job.

    _______________________________________________________________

    Example using the SECMODEL parameter:

    //STEP20   EXEC PGM=IEFBR14
//SYSPRINT DD SYSOUT=A
//DD3      DD DSN=USER#1.S16SL001.DATASET3,
//         DISP=(NEW,CATLG),SPACE=(TRK,(2,5)),
//         STORCLAS=S1P01S01,UNIT=3390,
//         SECMODEL=USER#1.S16SL001.MODEL.DATASET

    The above example specifies the DD SECMODEL parameter in JCL to extract a security label from the discrete profile. The USER#1.S16SL001.MODEL.DATASET data set has been assigned a security label. The security label of the newly allocated data set USER#1.S16SL001.MODEL.DATASET is extracted from the RACF discrete profile of user USER#1.

    Example using the PROTECT parameter:

    //STEP16   EXEC PGM=IEFBR14
//SYSPRINT DD SYSOUT=A
//DD1      DD DSN=USER#1.S16SL002.DATASET1,
//         DISP=(NEW,CATLG),SPACE=(TRK,(2,5)),
//         STORCLAS=S1P01S01,UNIT-3390,PROTECT=YES

    The above example specifies the DD PROTECT=YES parameter in JCL to extract a security label from the discrete profile. The security label of the newly allocated data set USER#1.S16SL002.DATASET1 is extracted from the RACF discrete profile of user USER#1.

  2. Submit the job.

    The security label is extracted from the specified user's profile.

    _______________________________________________________________

Result: Now you are ready to assign the security label to the &SECLABL read-only variable to use in the storage group ACS routine.

Parent topic: Administering

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014