I do not understand this "default" userid TESTJOB. There is no concept of a "default" userid in any of the big 3 security systems, e.g., RACF, CA-ACF2 and CA-Top Secret. All
identify themselves, either by
- By specifying a USER=xxx,PASSWORD=yyy on a JOB statement submitted on a "real" card reader.
- By specifying a userid and password to logon to TSO or other interactive system that can submit a job such as CA-Roscoe.
- By inheriting a userid by submitting a job through the internal reader from an user identified by the first 2 bullets.
exception is a job submitted through a surrogate arrangement; the import of your quote is security administrators must
be very careful about authorizing this capability.
Actually this is not quite true. RACF assigns a default userid to jobs being flushed out of the system because there is no valid userid for the job, but these jobs do not execute and cannot access system resources. Which reminds me of an incident from 40+ years ago. This system was operated by a large university that assigned some sort of allowed resource units to everything; jobs hat were flushed from the system because they did not have any resource units remaining were assigned a system ID that supposedly had an infinite amount of resource units. Well, that wasn't true. One day this system ID ran out of resource units. Oops!