The z/OS Security Server is the primary tool that IBM recommends for managing security. Often the Security Server is called the Resource Access Control Facility (RACF). In the MVS environment, you can use RACF identify and verify users' authority to access data and to use system facilities. RACF protection can apply to a catalog and to individual VSAM data sets.
The system ignores password protection for SMS-managed data sets. See Data Set Password Protection.
If a discrete profile or a generic profile does not protect a data set, password protection is in effect.
Related reading: For more information about RACF, see z/OS Security Server RACF Security Administrator's Guide.