z/OS Security Server RACF General User's Guide


Finding out what authority you have as a member of a group

SA23-2298-00

A group is a set of users defined together because of their common needs. For example, a group might be all the secretaries in a particular department. The members of a group share access requirements to resources or have similar attributes within the system.

When you log on, RACF® connects you to your default group. If you wish to log on to a group other than your default group, you can specify the group name when you log on. The group that you specify becomes your current connect group. When you are connected to a group, RACF allows you the privileges of the group.

The following command displays information about the groups to which you belong:
LISTUSER your-userid
The information in the second part of the screen shown in Figure 1 describes the RACF group or groups to which you belong and what you can do as a member of that group.
This section is repeated once for each RACF group of which you are a member. RACF uses the following terms to describe the group to which you belong and your authorities as a member of the group.
GROUP
The name of a group of which you are a member.
AUTH
The group authorities you have because you are a member of this group.
USE
Allows you to enter the system under the control of the specified group. You can access any of the data sets the group is permitted to access.
CREATE
Allows you to RACF-protect group data sets and control who can access them. It includes the privileges of the USE authority.
CONNECT
Allows you to connect RACF-defined users to the specified group and assign these users the USE, CREATE, or CONNECT authority. It includes the privileges of the CREATE authority.
JOIN
Allows you to define new users or groups to RACF and to assign group authorities. To define new users, you must also have the user attribute, CLAUTH(USER). JOIN authority includes all the privileges of the CONNECT authority.
CONNECT-OWNER
The owner of this group.
CONNECT-DATE
The date you were first connected to this group.
CONNECTS
The number of times you have been connected to this group.
UACC
The universal access authority (UACC) that RACF assigns by default to the profiles of resources you create while connected to this group. When a user requests access to a resource and neither that user nor any group the user belongs to is listed in the resource's access list, RACF uses the UACC to decide what access, if any, the user gets.
The UACC can have one of the following values:
NONE
Does not allow users to access the data set.
Attention: Anyone who has READ, UPDATE, CONTROL, or ALTER authority to a protected data set can create a copy of it. As owner of the copied data set, that user controls the security characteristics of the copy and can downgrade its protection. For this reason, you might want to initially assign a UACC of NONE and then selectively permit a small number of users to access your data set as their needs become known. (See Permitting an individual or a group to use a data set for information on how to permit selected users or groups to access a data set.)
READ
Allows users to access the data set for reading only. (Note that users who can read the data set can copy or print it.)
UPDATE
Allows users to read from, copy from, or write to the data set. UPDATE does not, however, authorize a user to delete, rename, move, or scratch the data set.
CONTROL
For VSAM data sets, CONTROL is equivalent to the VSAM CONTROL password; that is, it allows users to perform control-interval access (access to individual VSAM data blocks), and to retrieve, update, insert, or delete records in the specified data set.

For non-VSAM data sets, CONTROL is equivalent to UPDATE.

ALTER
ALTER allows users to read, update, delete, rename, move, or scratch the data set.

When specified in a discrete profile, ALTER allows users to read, alter, and delete the profile itself including the access list. However, ALTER does not allow users to change the owner of the profile.

When specified in a generic profile, ALTER gives users no authority over the profile itself, but allows users to create new data sets that are covered by that profile.

EXECUTE
For a private load library, EXECUTE allows users to load and execute, but not read or copy, programs (load modules) in the library.
Note: In order to specify EXECUTE for a private load library, you must ask for assistance from your RACF security administrator.
LAST-CONNECT
The last time you logged on or submitted a batch job with either the group as your default group or with the group explicitly specified. If you were never previously connected to the group, UNKNOWN is displayed.
CONNECT-ATTRIBUTES
The operating privileges and restrictions assigned to you when you are connected to this group. Connect attributes are also called group-level attributes. Unlike the same attributes assigned at the user (system) level, group-level SPECIAL, AUDITOR, and OPERATIONS apply only within the scope of the group: the group itself, its subgroups, and the users and profiles they own. The connect (group-level) attributes are:
NONE
Allows no special operating privileges or restrictions. NONE is the normal case: users with the NONE attribute can still use RACF. The other attributes grant extraordinary privileges, and generally only a few users or groups have them.
SPECIAL
Gives you full authorization to all profiles in the RACF database and lets you perform all RACF functions except those requiring the AUDITOR attribute.
AUDITOR
Lets you audit the use of system resources, control the logging of detected accesses to resources, and create security reports.
OPERATIONS
Gives you full authorization to all RACF-protected data sets and to general resources that meet certain conditions (described in z/OS Security Server RACF Security Administrator's Guide). OPERATIONS lets you perform any maintenance operations, such as copying and reorganizing a RACF-protected resource.
GRPACC
Makes the group data sets that you allocate automatically accessible to other users in the specified group: RACF adds the group to the access list of each new group data set profile with UPDATE access.
CLAUTH
Lets you define profiles in the classes named in your CLAUTH specification. For example, CLAUTH(USER) lets you define new users, which JOIN authority alone does not.
ADSP
Is the automatic data set protection attribute. If you have the ADSP attribute, RACF creates a discrete profile for every permanent DASD or tape data set you create. If your installation is using automatic direction of application updates and you have the ADSP attribute, you might be notified of the results and output from these application updates. See Automatic direction of application updates for more information.
REVOKE
Prohibits a user from entering the system. (You should never be able to see this attribute when you list your own profile.)
REVOKE DATE
The date on which RACF starts preventing you from entering the system under this group.
RESUME DATE
The date on which RACF again allows you to enter the system under this group.
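As an added example, not part of the IBM manual, the following Python script parses the group section of LISTUSER output and applies the rules from the UACC and CONNECT-ATTRIBUTES descriptions above. It ranks the access levels and group authorities, encodes which operations each UACC value permits on a non-VSAM data set (READ and above also permit loading a program, which is standard RACF behaviour this page does not state), and flags connections whose defaults or attributes a reviewer would want to justify. The LISTUSER text is a constructed sample, not output from a real system; the user and group names, the finding codes, and the review rules are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of LISTUSER output (not captured from a real system).
# The layout follows the group section described on this page; the user,
# group, and date values are illustrative.
SAMPLE_LISTUSER = """\
USER=JSMITH   NAME=JANE SMITH          OWNER=PAYADM    CREATED=12.045
 ATTRIBUTES=NONE
 REVOKE DATE=NONE   RESUME DATE=NONE
  GROUP=PAYROLL   AUTH=USE       CONNECT-OWNER=PAYADM    CONNECT-DATE=12.045
    CONNECTS=   412  UACC=NONE     LAST-CONNECT=14.123/08:15:22
    CONNECT ATTRIBUTES=NONE
    REVOKE DATE=NONE   RESUME DATE=NONE
  GROUP=HRTEMP    AUTH=CREATE    CONNECT-OWNER=HRADM     CONNECT-DATE=13.201
    CONNECTS=    07  UACC=READ     LAST-CONNECT=13.340/17:02:10
    CONNECT ATTRIBUTES=NONE
    REVOKE DATE=NONE   RESUME DATE=NONE
  GROUP=SYSPROG   AUTH=JOIN      CONNECT-OWNER=SYS1      CONNECT-DATE=14.010
    CONNECTS=    00  UACC=UPDATE   LAST-CONNECT=UNKNOWN
    CONNECT ATTRIBUTES=SPECIAL OPERATIONS
    REVOKE DATE=14.200   RESUME DATE=NONE
"""

# Access levels from the UACC list on this page, weakest to strongest.
ACCESS_RANK = {"NONE": 0, "EXECUTE": 1, "READ": 2, "UPDATE": 3,
               "CONTROL": 4, "ALTER": 5}
# Group authorities; each includes the privileges of the one before it.
AUTH_RANK = {"USE": 0, "CREATE": 1, "CONNECT": 2, "JOIN": 3}
# Connect attributes that grant extraordinary privilege within the group's scope.
PRIVILEGED_ATTRS = {"SPECIAL", "OPERATIONS", "AUDITOR", "CLAUTH"}
# Minimum level for each operation on a non-VSAM data set (CONTROL = UPDATE there).
MIN_LEVEL_FOR = {"read": "READ", "copy": "READ", "write": "UPDATE",
                 "delete": "ALTER", "rename": "ALTER", "scratch": "ALTER",
                 "execute": "EXECUTE"}

@dataclass
class Connect:
    group: str
    auth: str
    uacc: str
    connects: int
    last_connect: str
    attributes: frozenset
    revoke_date: str
    resume_date: str

# One match per four-line GROUP= block; user-level lines are not matched.
GROUP_RE = re.compile(
    r"^[ \t]*GROUP=(?P<group>\S+)[ \t]+AUTH=(?P<auth>\S+)[^\n]*\n"
    r"[ \t]*CONNECTS=[ \t]*(?P<connects>\d+)[ \t]+UACC=(?P<uacc>\S+)"
    r"[ \t]+LAST-CONNECT=(?P<last>\S+)[^\n]*\n"
    r"[ \t]*CONNECT ATTRIBUTES=(?P<attrs>[^\n]*)\n"
    r"[ \t]*REVOKE DATE=(?P<revoke>\S+)[ \t]+RESUME DATE=(?P<resume>\S+)",
    re.MULTILINE,
)

def parse_connects(listuser_output):
    """Extract one Connect per GROUP= block of LISTUSER output."""
    result = []
    for m in GROUP_RE.finditer(listuser_output):
        attrs = frozenset(a for a in m["attrs"].split() if a != "NONE")
        result.append(Connect(m["group"], m["auth"], m["uacc"], int(m["connects"]),
                              m["last"], attrs, m["revoke"], m["resume"]))
    return result

def allows(level, operation):
    """True if access level `level` permits `operation` on a non-VSAM data set."""
    if level == "EXECUTE":            # load and execute only; no read or copy
        return operation == "execute"
    return ACCESS_RANK[level] >= ACCESS_RANK[MIN_LEVEL_FOR[operation]]

def review_connect(c):
    """Return (code, message) findings for one connection; codes are this example's own."""
    findings = []
    if ACCESS_RANK[c.uacc] > ACCESS_RANK["NONE"]:
        findings.append(("DEFAULT_UACC",
            f"{c.group}: data sets created under this group default to UACC={c.uacc}; "
            "the page advises NONE followed by selective PERMIT"))
    priv = sorted(c.attributes & PRIVILEGED_ATTRS)
    if priv:
        findings.append(("GROUP_PRIV",
            f"{c.group}: connect attributes {' '.join(priv)} grant extraordinary "
            "privilege within the group's scope"))
    if AUTH_RANK[c.auth] >= AUTH_RANK["CONNECT"]:
        findings.append(("CAN_CONNECT_USERS",
            f"{c.group}: AUTH={c.auth} can connect other users to the group"))
    if c.revoke_date != "NONE" and c.resume_date == "NONE":
        findings.append(("REVOKE_PENDING",
            f"{c.group}: revoke date {c.revoke_date} set with no resume date"))
    if c.last_connect == "UNKNOWN" and (priv or AUTH_RANK[c.auth] >= AUTH_RANK["CONNECT"]):
        findings.append(("UNUSED_PRIVILEGE",
            f"{c.group}: privileged connection has never been used"))
    return findings

if __name__ == "__main__":
    for conn in parse_connects(SAMPLE_LISTUSER):
        for code, message in review_connect(conn):
            print(f"{code:18} {message}")
```

Run against real output, feed the script the text of LISTUSER for the user being reviewed; the PAYROLL connection in the sample produces no findings, HRTEMP is flagged only for its READ default, and the unused SYSPROG connection with group-SPECIAL and OPERATIONS collects every finding.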





Copyright IBM Corporation 1990, 2014