Using started procedures
A procedure consists of a set of job control language statements that are frequently used together to achieve a certain result. Procedures usually reside in the system procedure library, SYS1.PROCLIB, which is a partitioned data set. A started procedure is usually started by an operator, but can be associated with a functional subsystem. For example, DFSMS is treated as a started procedure even though it does not need to be specifically started with a START command.
Only RACF-defined users and groups can be specifically authorized to access RACF-protected resources. However, started procedures have system-generated JOB statements that do not contain the USER, GROUP, or PASSWORD parameter.
To enable started procedures to access the same RACF-protected
resources that users and groups access, started procedures must have RACF® user IDs and group names.
By assigning them RACF identities,
your installation can give started procedures specific
authorization to access RACF-protected resources. For example, you
can allow JES to access spool data sets. To associate the names of
started procedures with
specific RACF group names and
user IDs, you and your RACF system
programmer can do one of the following:
- Set up the STARTED class (the preferred method).
- Create a started procedures table (ICHRIN03).