Is there any way to specify USER= on the Jobcard without specifying a password?

Document ID : KB000026832
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

I want to run a batch job with other userid specified on USER= keyword on the jobcard so that the other userid would be assigned for the job.

To prevent security exposure, I want to specify no PASSWORD= keyword on the jobcard, but in such case CA ACF2 would fail the job with an error - "ACF01007 A PASSWORD IS REQUIRED FOR LOGONID logonid".

Is there any way to specify USER= on the jobcard without specifying a password?

 

Answer:

To submit a batch job with other userid specified on USER= keyword on the jobcard without specifying the password, there are two options:

  1. Specify a userid with RESTRICT attribute(no password is required) on USER= keyword.

  2. Give authority to use the other userid to the submitting user with a SURROGAT(TYPE=SUR) rule.

Here's an example rule to give authority to use userid ACFADM1

$KEY(ACFADM1) TYPE(SUR)
SUBMIT UID(uid_string_ for_submitting_user) ALLOW

Details of SURROGAT is described on the page for SURROGAT in "Chapter 20:JES Security Overview" in Administrator Guide.