Allow a userid to submit a batch job with a different userd and no password with ACF2

book

Article ID: 141597

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

On a system running ACF2, how do you submit a batch job from say TSO by a logged-on user but run the batch job with a different user without having to specify a password on the job card i.e. just USER=

I have read about using RESTRICT how do I set up RESTRICT.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

RESTRICT specifies that the logonid is intended for production batch use (not for online or STC use) and does not require a password. By itself, this privilege makes a logonid vulnerable to unauthorized use, and is not suitable for production work (but could be used for a batch default logonid with limited read/write/alloc access).

To set up the use of RESTRICT, the logonid that you use for the USER= or //*LOGONID must have the RESTRICT attribute. Use the following commands

Set LID

CHANGE lid RESTRICT

When CA ACF2 reads the restricted logonid it will validate the access by the restricted logonid and create a logging record. 

For example, if I have a logonid ABCDE123 with the RESTRICT attribute and I mention USER=ABCDE123 it will execute;

12.06.10 JOB06069 ---- MONDAY,    25 NOV 2019 ----                             
12.06.10 JOB06069  $HASP373 MYID1234A STARTED - INIT 1    - CLASS A        - SYS
12.06.10 JOB06069  ACF9CCCD USERID ABCDE123 IS ASSIGNED TO THIS JOB - MYID1234A 
12.06.10 JOB06069  IEF403I MYID1234A - STARTED - TIME=12.06.10                  
12.06.10 JOB06069  IEF404I MYID1234A - ENDED - TIME=12.06.10                    
12.06.10 JOB06069  $HASP395 MYID1234A ENDED - RC=0000    

However, when I submit the same job with a logonid ABCDE124 that does not have the RESTRICT attrubte it will receieve error  'ACF01007 A PASSWORD IS REQUIRED FOR LOGONID ABCDE124 MVSDE28' and not execute:

//MYID1234A JOB  (11830000),'OS/MVS',MSGCLASS=X,MSGLEVEL=(1,1),         
//         NOTIFY=MYID1234,TIME=1439,CLASS=A,USER=ABCDE124               
//* ACF01007 A PASSWORD IS REQUIRED FOR LOGONID ABCDE124 MVSDE28        
//      EXEC PGM=IEFBR14                                               
/*                                                                     
$HASP106 JOB DELETED BY JES2 OR CANCELLED BY OPERATOR BEFORE EXECUTION  

Powered by Wolken Software