On a system running ACF2, how can a batch job be submitted by a logged-on user but ran with a different user without having to specify a password on the job card? i.e. just USER=
What is the RESTRICT attribute on the logonid?
Release : 16.0
Component : CA ACF2 for z/OS
RESTRICT specifies that the logonid is intended for production batch use (not for online or STC use) and does not require a password. By itself, this privilege makes a logonid vulnerable to unauthorized use, and is not suitable for production work (but could be used for a batch default logonid with limited read/write/alloc access).
To set up the use of RESTRICT, the logonid used for the USER= or //*LOGONID must have the RESTRICT attribute. Use the following commands
CHANGE lid RESTRICT
When CA ACF2 reads the restricted logonid it will validate the access by the restricted logonid and create a logging record. The ACFRPTJL report displays a log of all system accesses by logonids with the RESTRICT field.
Note that enhancement PTF LU05334 adds functionality to further secure the RESTRICT logonid by allowing SURROGAT class rules to be used for these ids.