Many programs and users are competing for the use of the system. So how does z/OS® preserves the integrity of each user's work? One technique is through the use of multiple storage protect keys.

Under z/OS, the information in central storage is protected from unauthorized use by means of multiple storage protect keys. A control field in storage called a key is associated with each 4K frame of central storage.

When a request is made to modify the contents of a central storage location, the key associated with the request is compared to the storage protect key. If the keys match or the program is executing in key 0, the request is satisfied. If the key associated with the request does not match the storage key, the system rejects the request and issues a program exception interruption.

When a request is made to read (or fetch) the contents of a central storage location, the request is automatically satisfied unless the fetch protect bit is on, indicating that the frame is fetch-protected. When a request is made to access the contents of a fetch-protected central storage location, the key in storage is compared to the key associated with the request. If the keys match, or the requestor is in key 0, the request is satisfied. If the keys do not match, and the requestor is not in key 0, the system rejects the request and issues a program exception interruption.

z/OS uses 16 storage protect keys. A specific key is assigned according to the type of work being performed. The key is stored in bits 8 through 11 of the program status word (PSW). A PSW is assigned to each job in the system.

Storage protect keys 0 through 7 are used by the z/OS base control program (BCP) and various subsystems and middleware products. Storage protect key 0 is the master key. Its use is restricted to those parts of the BCP that require almost unlimited store and fetch capabilities. In almost any situation, a storage protect key of 0 associated with a request to access or modify the contents of a central storage location means that the request will be satisfied.

Storage protect keys 8 through 15 are assigned to users. Because all users are isolated in private address spaces, most users– those whose programs run in a virtual region– can use the same storage protect key. These users are called V=V (virtual = virtual) users and are assigned a key of 8.