Before you begin: Specify the DD SECMODEL
or DD PROTECT=YES parameter in the JCL or dynamic allocation to extract
the security label from the RACF® user's
profile. Otherwise, the security label is extracted from the data
set profile. For information about using JCL statements, see z/OS MVS JCL Reference.
For information about using dynamic allocation, see z/OS MVS Programming: Authorized Assembler Services Guide.
Perform the following step to extract the security label from the
user's profile:
- Specify the DD SECMODEL or DD PROTECT
parameter in the JCL or
dynamic allocation, then submit the job.
_______________________________________________________________
Example
using the SECMODEL parameter:
//STEP20 EXEC PGM=IEFBR14
//SYSPRINT DD SYSOUT=A
//DD3 DD DSN=USER#1.S16SL001.DATASET3,
// DISP=(NEW,CATLG),SPACE=(TRK,(2,5)),
// STORCLAS=S1P01S01,UNIT=3390,
// SECMODEL=USER#1.S16SL001.MODEL.DATASET
The above
example specifies the DD SECMODEL parameter in JCL to extract a security
label from the discrete profile. The USER#1.S16SL001.MODEL.DATASET
data set has been assigned a security label. The security label of
the newly allocated data set USER#1.S16SL001.MODEL.DATASET is extracted
from the RACF discrete profile
of user USER#1.
Example using the PROTECT parameter:
//STEP16 EXEC PGM=IEFBR14
//SYSPRINT DD SYSOUT=A
//DD1 DD DSN=USER#1.S16SL002.DATASET1,
// DISP=(NEW,CATLG),SPACE=(TRK,(2,5)),
// STORCLAS=S1P01S01,UNIT-3390,PROTECT=YES
The above
example specifies the DD PROTECT=YES parameter in JCL to extract a
security label from the discrete profile. The security label of the
newly allocated data set USER#1.S16SL002.DATASET1 is extracted from
the RACF discrete profile of
user USER#1.
- Submit the job.
The security label is extracted from the specified
user's profile.
_______________________________________________________________
Result: Now you are ready to assign the security
label to the &SECLABL read-only variable to use in the storage
group ACS routine.