The OMVS segment in user profiles

When you define a new z/OS UNIX user or change z/OS UNIX attributes for an existing user, you can specify the following information in the OMVS segment of the user's profile:
User's z/OS UNIX RLIMIT_AS (maximum address space size)
User's z/OS UNIX RLIMIT_CPU (maximum CPU time)
User's z/OS UNIX maximum number of files per process
User's z/OS UNIX initial directory path name
User's z/OS UNIX non-shared memory size
User's z/OS UNIX maximum memory map size
User's z/OS UNIX maximum number of processes per UID
User's z/OS UNIX program path name, such as a default shell program
User's z/OS UNIX maximum shared memory size
User's z/OS UNIX maximum number of threads per process
User's z/OS UNIX user identifier

To define or change information in the OMVS segment of a user profile, including one's own, you must have the SPECIAL attribute (to view or change it), the AUDITOR or ROAUDIT attribute (to view it), or sufficient authority to the OMVS segment fields through field-level access checking. Many installations allow users to view all of their OMVS information and to update selected fields, such as the home directory or default program. (Note that specifying a given path name in either of these fields does not grant users access to the path name; users still need the appropriate file system permission to access the path.)

Guideline: Avoid allowing users to update their UID or the resource limit fields.

To permit users to access all fields that are not protected by a more specific profile, define the USER.OMVS.* profile in the FIELD class. For example, to permit all users to view their own OMVS information, permit &RACUID with READ access to the USER.OMVS.* profile. To allow authorized administrators who need to change the OMVS information in others' profiles, permit them with UPDATE access. You can define more specific profiles to address special requirements. For example, you might define the USER.OMVS.HOME and USER.OMVS.PROGRAM profiles, authorizing &RACUID with UPDATE authority. You might also need to permit UPDATE access for administrators because the access list of a more specific profile will override that of a less specific profile.

For more information, see Defining user identifiers (UIDs).