Is there any way to specify USER= on the Jobcard without specifying a password?

Article ID: 26832

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

Question:

I want to run a batch job with another userid specified on the USER= keyword on the jobcard so that the other userid is assigned to the job.

To prevent a security exposure, I do not want to specify the PASSWORD= keyword on the jobcard, but in that case CA ACF2 fails the job with the error "ACF01007 A PASSWORD IS REQUIRED FOR LOGONID logonid".

Is there any way to specify USER= on the jobcard without specifying a password?

 

Answer:

To submit a batch job with another userid specified on the USER= keyword of the jobcard without specifying the password, there are two options:

  1. Specify a userid with the RESTRICT attribute (no password is required) on the USER= keyword.

  2. Give the submitting user authority to use the other userid with a SURROGAT (TYPE=SUR) rule.

Here's an example rule that gives authority to use userid ACFADM1:

$KEY(ACFADM1) TYPE(SUR)
SUBMIT UID(uid_string_for_submitting_user) ALLOW

SURROGAT is described in detail on the SURROGAT page in "Chapter 20: JES Security Overview" of the Administrator Guide.

Environment

Release:
Component: ACF2MS
