Operators

All operators, human and automated operators, are defined and authenticated by an SAF product.

For example, to define a human operator who is called BOB with RACF®, the following definition is needed:

A NetView segment must be created.

ALU BOB NETVIEW(IC(LOGPROF1) MSGRECVR(NO) CTL(GLOBAL))
Data set permissions must be granted.
Note: If you use the Configuration Assistant and follow the IBM® recommendations, the granting of permissions is accomplished implicitly through group membership and group permissions as defined in the generated INGESAF member. See also the previous subsection.
(Optional) An OMVS segment must be created if you want to automate UNIX System Services processes

ALU BOB OMVS(UID(uid) HOME('/u/bob') PROGRAM ('/bin/sh'))
Where uid is a 1 - 10 digit integer value. It is the responsibility of your Security Administrator to define the human operators, appropriately.

A human operator might have other related SAF attributes, such as a default group it belongs to, a default data set profile, a TSO segment, and other information that is out of the scope of this document.

Note: You do not have to make the definitions for the auto operators yourself. The INGESAF member contains all the RACF commands that are necessary to add a user and set the necessary characteristics. Included is the definition of an OMVS segment and read access to BPX.SUPERUSER for those auto operators that can automate USS processes.

Finally, the SECOPTS.OPERSEC stylesheet option has to be set like follows:

SECOPTS.OPERSEC = SAFDEF

See also section Stylesheet Options for more information.