Grouping RACF users and resources

It is strongly recommended that you do not grant access to individual users, but try to group users into different categories. You can then define a RACF® user group for each category of users.

With RACF user groups, you need not change access lists of different profiles as often. When you must make a change, you add or remove a user ID in the group, or move the user ID to another group.

These categories are used at many Tivoli Workload Scheduler for z/OS installations:

• Schedulers
• Workstation operators
• Tivoli Workload Scheduler for z/OS shift leaders
• Machine room operators
• Tivoli Workload Scheduler for z/OS system support

Also consider using generic profiles when specifying RACF resource names. Resources protected by generic profiles have similar names and identical security requirements.