I want to run a batch job with other userid specified on USER= keyword on the jobcard so that the other userid would be assigned for the job.
To prevent security exposure, I want to specify no PASSWORD= keyword on the jobcard, but in such case CA ACF2 would fail the job with an error - "ACF01007 A PASSWORD IS REQUIRED FOR LOGONID logonid".
Is there any way to specify USER= on the jobcard without specifying a password?
To submit a batch job with other userid specified on USER= keyword on the jobcard without specifying the password, there are two options:
- Specify a userid with RESTRICT attribute(no password is required) on USER= keyword.
- Give authority to use the other userid to the submitting user with a SURROGAT(TYPE=SUR) rule.
Here's an example rule to give authority to use userid ACFADM1
SUBMIT UID(uid_string_ for_submitting_user) ALLOW
Details of SURROGAT is described on the page for SURROGAT in "Chapter 20:JES Security Overview" in Administrator Guide.