Thanks, that's probably the simplest way.. Awesome Ms Terri E Shaffer Senior Systems Engineer, z/OS Support: ACIWorldwide - Telecommuter H(412-766-2697) C(412-519-2592) terri.shaf...@aciworldwide.com
-----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Lennie Dymoke-Bradshaw Sent: Tuesday, September 20, 2022 7:42 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Racf userid - CICS started as a job EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe. Why not code the userid on the Jobcard and then give the users who submit the job READ access to the SURROGAT profile for the userid? https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ibm.com%2Fdocs%2Fen%2Fzos%2F2.5.0%3Ftopic%3Dsubmitted-allowing-surrogate-job-submission&data=05%7C01%7Cterri.shaffer%40ACIWORLDWIDE.COM%7Cc74ba509e2e44ccded4708da9b61b79c%7Cd1b7f1185cb24d4e85a382e07efb07e9%7C1%7C0%7C637993141273312357%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J5LstzQoYZnX%2FF3AMoU2mgdqrVL7knX0tudIPxs5Y%2Fw%3D&reserved=0 Lennie Dymoke-Bradshaw https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Frsclweb.com%2F&data=05%7C01%7Cterri.shaffer%40ACIWORLDWIDE.COM%7Cc74ba509e2e44ccded4708da9b61b79c%7Cd1b7f1185cb24d4e85a382e07efb07e9%7C1%7C0%7C637993141273312357%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cwldOGh4uHCQS7PpVvwIwfsvzQMCBhV%2BpkWboLtUZ04%3D&reserved=0 'Dance like no one is watching. Encrypt like everyone is.' -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Shaffer, Terri Sent: 21 September 2022 00:27 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Racf userid - CICS started as a job Hi, I am asking this in the main forum hopefully it will be a simple answer, that I just don't see. So I have lots of experience setting up RACF STARTED class with STDATA so that started tasks run under a certain userid. Here we run our CICS's as jobs, since we are a development company, the programmers, can start/stop their CICS's when they need to. We are doing WEB pipeline development and I setup the directory structure for the CICSDFLT userid and the group is everyone else. If a batch job submits/starts CICS the CICS userid is picked up and everything works great. If the user needs to recycle the region its picking up their userid and then the CICS gets access issues. Is there a way to force it to use the DFLTUSER for batch jobs like I can setup for started tasks? I think I could use user=DFLTUSER on the jobcard, but then I would have to setup those userids as RESTRICTED, because no password. There is a small security risk with this, but these userids don't have TSO Segments, so its a limited exposure. Is there any other way to set this up? Besides as STC's. Ms Terri E Shaffer Senior Systems Engineer, z/OS Support: ACIWorldwide - Telecommuter H(412-766-2697) C(412-519-2592) terri.shaf...@aciworldwide.com ________________________________ [https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] <http://www.aciworldwide.com> This email message and any attachments may contain confidential, proprietary or non-public information. The information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this email, please notify the sender immediately and destroy this email. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this email are those of the author personally. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ________________________________ [https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] <http://www.aciworldwide.com> This email message and any attachments may contain confidential, proprietary or non-public information. The information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this email, please notify the sender immediately and destroy this email. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this email are those of the author personally. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN