The OMVS segment in user profiles
- ASSIZEMAX
- User's z/OS UNIX
RLIMIT_AS
(maximum address space size) - CPUTIMEMAX
- User's z/OS UNIX
RLIMIT_CPU
(maximum CPU time) - FILEPROCMAX
- User's z/OS UNIX maximum number of files per process
- HOME
- User's z/OS UNIX initial directory path name
- MEMLIMIT
- User's z/OS UNIX non-shared memory size
- MMAPAREAMAX
- User's z/OS UNIX maximum memory map size
- PROCUSERMAX
- User's z/OS UNIX maximum number of processes per UID
- PROGRAM
- User's z/OS UNIX program path name, such as a default shell program
- SHMEMMAX
- User's z/OS UNIX maximum shared memory size
- THREADSMAX
- User's z/OS UNIX maximum number of threads per process
- UID
- User's z/OS UNIX user identifier
To define or change information in the OMVS segment of a user profile, including one's own, you must have the SPECIAL attribute (to view or change it), the AUDITOR or ROAUDIT attribute (to view it), or sufficient authority to the OMVS segment fields through field-level access checking. Many installations allow users to view all of their OMVS information and to update selected fields, such as the home directory or default program. (Note that specifying a given path name in either of these fields does not grant users access to the path name; users still need the appropriate file system permission to access the path.)
Guideline: Avoid allowing users to update their UID or the resource limit fields.
To permit users to access all fields that are not
protected by a more specific profile, define the USER.OMVS.*
profile
in the FIELD class. For example, to permit all users to view their
own OMVS information, permit &RACUID
with READ
access to the USER.OMVS.*
profile. To allow authorized
administrators who need to change the OMVS information in others'
profiles, permit them with UPDATE access. You can define more specific
profiles to address special requirements. For example, you might define
the USER.OMVS.HOME
and USER.OMVS.PROGRAM
profiles,
authorizing &RACUID
with UPDATE authority. You
might also need to permit UPDATE access for administrators because
the access list of a more specific profile will override that of a
less specific profile.
For more information, see Defining user identifiers (UIDs).