On a system running ACF2, how do you submit a batch job from say TSO by a logged-on user but run the batch job with a different user without having to specify a password on the job card i.e. just USER=
I have read about using RESTRICT how do I set up RESTRICT.
Release : 16.0
Component : CA ACF2 for z/OS
RESTRICT specifies that the logonid is intended for production batch use (not for online or STC use) and does not require a password. By itself, this privilege makes a logonid vulnerable to unauthorized use, and is not suitable for production work (but could be used for a batch default logonid with limited read/write/alloc access).
To set up the use of RESTRICT, the logonid that you use for the USER= or //*LOGONID must have the RESTRICT attribute. Use the following commands
Set LID
CHANGE lid RESTRICT
When CA ACF2 reads the restricted logonid it will validate the access by the restricted logonid and create a logging record.
For example, if I have a logonid ABCDE123 with the RESTRICT attribute and I mention USER=ABCDE123 it will execute;
12.06.10 JOB06069 ---- MONDAY, 25 NOV 2019 ----
12.06.10 JOB06069 $HASP373 MYID1234A STARTED - INIT 1 - CLASS A - SYS
12.06.10 JOB06069 ACF9CCCD USERID ABCDE123 IS ASSIGNED TO THIS JOB - MYID1234A
12.06.10 JOB06069 IEF403I MYID1234A - STARTED - TIME=12.06.10
12.06.10 JOB06069 IEF404I MYID1234A - ENDED - TIME=12.06.10
12.06.10 JOB06069 $HASP395 MYID1234A ENDED - RC=0000
However, when I submit the same job with a logonid ABCDE124 that does not have the RESTRICT attrubte it will receieve error 'ACF01007 A PASSWORD IS REQUIRED FOR LOGONID ABCDE124 MVSDE28' and not execute:
//MYID1234A JOB (11830000),'OS/MVS',MSGCLASS=X,MSGLEVEL=(1,1),
// NOTIFY=MYID1234,TIME=1439,CLASS=A,USER=ABCDE124
//* ACF01007 A PASSWORD IS REQUIRED FOR LOGONID ABCDE124 MVSDE28
// EXEC PGM=IEFBR14
/*
$HASP106 JOB DELETED BY JES2 OR CANCELLED BY OPERATOR BEFORE EXECUTION