Grouping RACF users and resources
It is strongly recommended that you do not grant access to individual users, but try to group users into different categories. You can then define a RACF® user group for each category of users.
With RACF user groups, you need not change access lists of different profiles as often. When you must make a change, you add or remove a user ID in the group, or move the user ID to another group.
These categories are used at many Tivoli Workload Scheduler for z/OS installations:
- Schedulers
- Workstation operators
- Tivoli Workload Scheduler for z/OS shift leaders
- Machine room operators
- Tivoli Workload Scheduler for z/OS system support
Also consider using generic profiles when specifying RACF resource names. Resources protected by generic profiles have similar names and identical security requirements.