z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Ownership of a RACF group

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Each group that you define to RACF® must be owned by a RACF-defined user or by its superior group. You assign ownership of a group with the ADDGROUP command when you create a new group profile or with the ALTGROUP command when you change an existing group profile. If you are the owner of a group (or if you are a connected user who has the group-SPECIAL attribute), you have the authority to:
  • Define new users to RACF (provided you also have the CLAUTH attribute for the USER class)
  • Connect and remove users from the group
  • Delegate and change group authorities and set the default UACC for all new resources belonging to members of the group
  • Modify, list, and delete the group profile
  • Define, delete, and list the names of the subgroups under the group
  • Specify the group terminal option
Note: Ownership of a group by a user does not allow that user to update the access lists of resource profiles owned by the group.

For a list of the RACF commands that group owners can issue, see Table 1.

Parent topic: Group ownership and levels of group authority

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014