Using utilities on RACF-protected DASD data sets

RACF® performs authorization checking for RACF-protected DASD data sets that are accessed by the following system utilities when the utilities issue the OPEN macro instruction:

ADRDSSU
ICKDSF
IEBCOMPR
IEBCOPY
IEBDG
IEBEDIT
IEBGENER
IEBISAM
IEBPTPCH
IEBUPDTE
IEHLIST
IEHMOVE

To use these utilities on RACF-protected data sets, you must be defined to RACF and must be permitted access to any RACF-protected data sets that the utilities access (unless the UACC for the resource is sufficient to allow access).

Note:

You can use standard or nonstandard naming conventions when you define DASD data set profiles to RACF. By default (the standard naming convention), RACF expects the high-level qualifier of the name of a data set profile to be either a RACF-defined user ID or group name.
RACF also allows you to use options to modify existing data set names to make them conform to RACF standard naming conventions. For example, the single-level name prefixing facility of RACF adds a qualifier to make the data set name acceptable to RACF routines. If you are not familiar with the options for nonstandard naming conventions, see z/OS Security Server RACF Security Administrator's Guide for more information.

You also have the ability to create a naming convention table (ICHNCV00), which RACF uses to check the data set name in all commands and SVCs that process data-set names. Creating this table will help you set up and enforce data-set naming conventions that are different from the standard RACF naming convention. For more information, see Data set naming convention table and the description of the ICHNCONV macro in z/OS Security Server RACF Macros and Interfaces.
See RACF database utilities for a description of the RACF utilities that can be used on the RACF database.

The following topics describe special rules you must consider when using utilities on RACF-protected data sets.