You identify a RACF user by an alphanumeric userid, which RACF associates
with the user profile for that user. The
"user" that you define to RACF
need not be a person, such as a CICS terminal user. For example, in the CICS
environment, a RACF userid can be associated with the procedure you use to
start CICS as a started task; and a userid can be associated with a CICS terminal (for the purpose
of preset security). The following list shows some of the basic segment information
that RACF holds for a user:
- Keyword
- Description
- USERID
- The user's userid
- NAME
- The user's name
- OWNER
- The owner of the user's profile—the RACF administrator or
other user authorized by the administrator, or a RACF group
- DFLTGRP
- The default group that the user belongs to
- AUTHORITY
- The user's authority in the default group
- PASSWORD
- The user's password
You define the RACF segment of a user profile using the ADDUSER command,
or the RACF ISPF panels. When planning RACF segments of user profiles for
CICS users, identify the groups that you want them to be in. Start by identifying
RACF administrative units for the users. For example, you could consider
all users who have the same manager, or all users within an order entry function,
an administrative unit. RACF handles these units as groups of individual
users who have similar requirements for access to CICS system resources.
For an overview of the steps required to add users to the system, see the z/OS Security Server RACF Security Administrator's Guide.