Hello Team,
Is it possible to add new RACF user to RACF database without having SPECIAL attribute.
Thanks in advance!!!.
Thanks,
XY09.
add new user to RACF
Previous topic • Next topic • 10 posts
• Page 1 of 1
add new user to RACF
by XY09 » Sat Nov 19, 2011 9:28 pm
- XY09
- Posts: 25
- Joined: Mon Apr 26, 2010 9:19 am
- Has thanked: 0 time
- Been thanked: 0 time
Re: add new user to RACF
by enrico-sorichetti » Sun Nov 20, 2011 12:26 am
NO.
but... why not check Yourself starting from
http://www-03.ibm.com/systems/z/os/zos/ ... index.html
and proceeding to the bookshelf for the zOS level You are interested in ?
but... why not check Yourself starting from
http://www-03.ibm.com/systems/z/os/zos/ ... index.html
and proceeding to the bookshelf for the zOS level You are interested in ?
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
- enrico-sorichetti
- Global moderator
- Posts: 3006
- Joined: Fri Apr 18, 2008 11:25 pm
- Has thanked: 0 time
- Been thanked: 165 times
Re: add new user to RACF
by dick scherrer » Sun Nov 20, 2011 12:52 am
Hello,
If you are not specificlly authotized to add users to racf, trying to do so may be an offense that justifies termination.
If you are not specificlly authotized to add users to racf, trying to do so may be an offense that justifies termination.
Hope this helps,
d.sch.
d.sch.
-
dick scherrer - Global moderator
- Posts: 6268
- Joined: Sat Jun 09, 2007 8:58 am
- Has thanked: 3 times
- Been thanked: 93 times
Re: add new user to RACF
by Robert Hansel » Tue Nov 22, 2011 2:43 am
In order to add a user to RACF without System SPECIAL, you need either:
1) Group-SPECIAL and CLAUTH(USER), provided the default group (DFLTGRP) of the new user is within the scope of groups for the Group-SPECIAL user, or
2) Group JOIN authority and CLAUTH(USER), provided the DFLTGRP of the new user is the same as the group for the JOIN authority user.
CLAUTH is an abbreviation for Class Authorization and is a user profile attribute. It must be assigned by a System SPECIAL user.
These authorities let you add a new user but not add or change user profile segments (e.g., TSO, OMVS). For that you will need FIELD class profile permissions.
1) Group-SPECIAL and CLAUTH(USER), provided the default group (DFLTGRP) of the new user is within the scope of groups for the Group-SPECIAL user, or
2) Group JOIN authority and CLAUTH(USER), provided the DFLTGRP of the new user is the same as the group for the JOIN authority user.
CLAUTH is an abbreviation for Class Authorization and is a user profile attribute. It must be assigned by a System SPECIAL user.
These authorities let you add a new user but not add or change user profile segments (e.g., TSO, OMVS). For that you will need FIELD class profile permissions.
Regards, Bob
Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com
Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com
- Robert Hansel
- Posts: 12
- Joined: Fri Sep 17, 2010 12:24 am
- Has thanked: 0 time
- Been thanked: 4 times
Re: add new user to RACF
by steve-myers » Tue Nov 22, 2011 11:05 am
Mr. Hansel is correct, plus you usually have to do other things to properly create a new user.
- Create a master catalog alias to a user catalog for the user. If your site has multiple systems this must be done for the master catalog for each system.
- Create a RACF dataset profile (usually userid.* or userid.**) for the user.
- Your site may have additional requirements.
- steve-myers
- Global moderator
- Posts: 2105
- Joined: Thu Jun 03, 2010 6:21 pm
- Has thanked: 4 times
- Been thanked: 243 times
Re: add new user to RACF
by XY09 » Fri Jan 20, 2012 8:08 pm
Thank you Steve & Robert for your help.
I had given all the authorities for a particular user, he is able to define new user(s) in the GROUP where he has JOIN , group-SPECIAL, CLAUTH(USER), TSO & OMVS FIELD class authorities but he is not able to define the new user profiles to racf. Please help me on this.
I am getting below message while defining DI60609.* user profile.
"ICH09025I NOT AUTHORIZED TO RACF PROTECT DI60609.*".
Appreciate your help!!!.
Thanks,
xy09.
I had given all the authorities for a particular user, he is able to define new user(s) in the GROUP where he has JOIN , group-SPECIAL, CLAUTH(USER), TSO & OMVS FIELD class authorities but he is not able to define the new user profiles to racf. Please help me on this.
I am getting below message while defining DI60609.* user profile.
"ICH09025I NOT AUTHORIZED TO RACF PROTECT DI60609.*".
Appreciate your help!!!.
Thanks,
xy09.
- XY09
- Posts: 25
- Joined: Mon Apr 26, 2010 9:19 am
- Has thanked: 0 time
- Been thanked: 0 time
Re: add new user to RACF
by Robert Sample » Fri Jan 20, 2012 8:25 pm
It is not clear if you are referring to two separate problems in your post, or just one. For the ICH09025I message you're getting, the RACF Command Language Reference manual indicates for ADDSD:
Authorization Required
When issuing the ADDSD command as a RACF operator command, you might require sufficient authority to the proper resource in the OPERCMDS class. See z/OS Security Server RACF Security Administrator's Guide for further information.
...removed text ...
The level of authority you need to use the ADDSD command and the types of profiles you can define are:
To protect a user data set with RACF, one of the following must be true:
The high-level qualifier of the data set name (or the qualifier supplied by the RACF naming conventions table or by a command installation exit) must match your user ID.
You must have the SPECIAL attribute.
The user ID for the data set profile must be within the scope of a group in which you have the group-SPECIAL attribute.
To protect a group data set with RACF, one of the following must be true:
You must have at least CREATE authority in the group.
You must have the SPECIAL attribute.
You must have the OPERATIONS attribute and not be connected to the group.
The data set profile must be within the scope of the group in which you have the group-SPECIAL attribute.
The data set profile must be within the scope of the group in which you have the group-OPERATIONS attribute, and you must not be connected to the group.
- Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Location: Dubuque, Iowa, USA
- Has thanked: 1 time
- Been thanked: 279 times
Re: add new user to RACF
by steve-myers » Fri Jan 20, 2012 10:07 pm
I don't think XY09 read ALL of Mr. Handel's post.
- steve-myers
- Global moderator
- Posts: 2105
- Joined: Thu Jun 03, 2010 6:21 pm
- Has thanked: 4 times
- Been thanked: 243 times
Re: add new user to RACF
by NicC » Sat Jan 21, 2012 1:45 pm
Hansel, Steve. Hansel!
The problem I have is that people can explain things quickly but I can only comprehend slowly.
Regards
Nic
Regards
Nic
- NicC
- Global moderator
- Posts: 3025
- Joined: Sun Jul 04, 2010 12:13 am
- Location: Pushing up the daisies (almost)
- Has thanked: 4 times
- Been thanked: 136 times
- steve-myers
- Global moderator
- Posts: 2105
- Joined: Thu Jun 03, 2010 6:21 pm
- Has thanked: 4 times
- Been thanked: 243 times
Previous topic • Next topic • 10 posts
• Page 1 of 1
-
- Related topics
- Replies
- Views
- Last post
-
- RACF User ID Management Question
by spassx » Tue Oct 26, 2010 12:55 am - 4 Replies
- 5336 Views
- Last post by steve-myers
Wed Oct 27, 2010 6:39 am
- RACF User ID Management Question
-
- Protect a user data set with RACF
by XY09 » Sun Apr 22, 2012 10:37 pm - 8 Replies
- 4146 Views
- Last post by steve-myers
Tue Apr 24, 2012 5:48 pm
- Protect a user data set with RACF
-
- List RACF user id with Password N/A
by Antonyraj85 » Sat Jan 11, 2014 12:04 pm - 3 Replies
- 5183 Views
- Last post by Antonyraj85
Mon Jan 13, 2014 4:36 pm
- List RACF user id with Password N/A
-
- CDT in RACF
by racf » Thu Nov 27, 2008 4:53 pm - 2 Replies
- 4784 Views
- Last post by aquarius
Wed Sep 16, 2009 6:42 pm
- CDT in RACF
-
- racf under zVM
by v clemons » Sun Sep 23, 2012 7:19 pm - 2 Replies
- 4825 Views
- Last post by dick scherrer
Mon Sep 24, 2012 7:20 am
- racf under zVM