The system provides security by verifying a user and verifying
that a user or program can access a process or file. It verifies the
user IDs and passwords or password phrases of users when they log
on to a TSO/E session or when a job starts. Then it does the following:
- When a user in a TSO/E session invokes the shell: RACF® verifies that the interactive
users are defined as z/OS UNIX users before
the system initializes the shell.
- When a daemon creates a process for a user: RACF verifies that the user is properly defined
before the system initializes the process.
- When a program requests a kernel service for the first time: RACF verifies that z/OS UNIX users are
running the program before the system provides the service. The types
of programs are:
- Application programs
- Started procedures
- Products that use kernel services, such as Resource Measurement Facility™ (RMF™)
Authorize a user to access
z/OS UNIX resources
by:
- Adding a GID to the RACF group
profile for an existing or new RACF group,
which is to be defined as the default group of the user
- Adding a UID to the RACF user
profile for an existing or new user and connecting each user to a RACF group that has a GID