RACF® provides a generic profile-checking facility. With the always-call capability of catalogs, you can consolidate the access authorization requirements of several similarly named and similarly used data sets under a single generic profile definition. A generic profile is used to protect one or more data sets that have identical access requirements. For example, you can build a generic profile named ‘userid.*’ to protect all data sets cataloged under the same high-level qualifier. For more information, see z/OS Security Server RACF Command Language Reference.

catalog data sets that are protected by generic profiles are not RACF-indicated in the catalog. Therefore, RACF is always called for any access to data sets that are cataloged. If the data set is not protected by either a discrete profile or a generic profile, no protection is in effect. The catalog does not have to be RACF-protected in order for its data sets to be RACF-protected.

For catalog clusters that are cataloged, all the components of the catalog cluster are protected by one profile (the profile that protects the cluster name). This profile can be discrete or generic. You do not need to create profiles that protect the index and data components of a cluster.

Data sets protected with discrete profiles are flagged as "RACF-indicated." If a data set protected by a discrete profile is moved to a system where RACF is not installed, no user is given authority to access the data set. However, if the data set is protected with a generic profile, it is not flagged as "RACF-indicated"; therefore, access authority is determined by normal catalog password protection.