z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


User profiles

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

When you define a user to RACF®, you create a user profile in the RACF database. A user profile consists of a base segment and, optionally, any of the following segments: CICS®, CSDATA, DCE, DFP, KERB, LANGUAGE, LNOTES, NDS, NETVIEW, OMVS, OPERPARM, OVM, PROXY, TSO, and WORKATTR.

Each segment of a user profile consists of fields. When you define a user's profile (using the ADDUSER command) or change a user's profile (using the ALTUSER command), you can specify the information contained in each field of each segment of the profile.

To define or change information in a non-base segment of a user profile, including your own, you must have the SPECIAL attribute or at least UPDATE authority to the segment through field-level access checking.

To list the contents of a user profile or the contents of individual segments of the user profile, use the LISTUSER command.

To display the information in a non-base segment of a user profile, including your own, you must have the SPECIAL or AUDITOR attribute or at least READ authority to the segment through field-level access checking.

Guideline: Use field-level access control to let users view, and optionally modify, some or all of the information in the non-base segments of their user profiles.

For more information, see Field-level access checking, Controlling access to the DFP segment, and Field-level access checking for TSO.

When you use the RACDCERT command to add a certificate definition and associate it with a specified RACF-defined user ID, information about the definition is added to the user profile. To see the certificate definitions, enter: 
RACDCERT LIST
To issue this command, you must have one of the following authorities:
  • The SPECIAL attribute
  • Sufficient authority to resource IRR.DIGTCERT.LIST in the FACILITY class:
    • READ access to IRR.DIGTCERT.LIST to list this information for yourself
    • UPDATE access to IRR.DIGTCERT.LIST to list this information for others
When you use the RACDCERT command to add a certificate name filter and associate it with a specified RACF-defined user ID, information about the definition is added to the user profile. To see the certificate name filter definitions, enter: 
RACDCERT LISTMAP
To issue this command, you must have one of the following authorities:
  • The SPECIAL attribute
  • Sufficient authority to resource IRR.DIGTCERT.LISTMAP in the FACILITY class:
    • READ access to IRR.DIGTCERT.LISTMAP to list this information for yourself
    • UPDATE access to IRR.DIGTCERT.LISTMAP to list this information for others
When you use the RACDCERT command to add a certificate key ring and associate it with a specified RACF-defined user ID, information about the definition is added to the user profile. To see the ring definitions, enter: 
RACDCERT LISTRING
To issue this command, you must have one of the following authorities:
  • The SPECIAL attribute
  • Sufficient authority to resource IRR.DIGTCERT.LISTRING in the FACILITY class:
    • READ access to IRR.DIGTCERT.LISTRING to list this information for yourself
    • UPDATE access to IRR.DIGTCERT.LISTRING to list this information for others
When you use the RACLINK command to establish a user ID association, information about the association is added to the user profile. To see the user ID associations, enter: 
RACLINK LIST

For more information on how to use the ADDUSER, ALTUSER, LISTUSER, RACDCERT, and RACLINK commands, see z/OS Security Server RACF Command Language Reference.

Parent topic: Defining users

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014