REMOVE (Remove User from Group)
System environment
This command applies to both z/OS® and z/VM® systems.
Purpose
On both z/OS and z/VM, you can use the REMOVE command to remove a user from a group. In addition, on z/OS, you can use the REMOVE command to assign a new owner to any group data set profiles the user owns on behalf of that group.
Related Commands
- To add a group profile, use the ADDGROUP command as described in ADDGROUP (Add Group Profile).
- To change a group profile, use the ALTGROUP command as described in ALTGROUP (Alter Group Profile).
- To connect a user to a group, use the CONNECT command as described in CONNECT (Connect User to Group).
- To delete a group profile, use the DELGROUP command as described in DELGROUP (Delete Group Profile).
- To list a group profile, use the LISTGRP command as described in LISTGRP (List Group Profile).
Authorization Required
- You have the SPECIAL attribute
- The group profile is within the scope of a group in which you have the group-SPECIAL attribute
- You are the owner of the group
- You have JOIN or CONNECT authority in the group.
Syntax
The OWNER operand used with the REMOVE command applies to z/OS systems only. In addition on z/OS, REMOVE can assign a new owner to each group dataset profile currently owned by the user being removed.
The complete syntax of the command is:
|
Parameters
- userid
- specifies the user
you want to remove from the group. If you are removing more than one user from the group, you must
enclose the list of user IDs in parentheses.
This value is required and must be the first operand following REMOVE.
- GROUP(group-name)
- specifies the group from which the user is to be removed. If you omit this operand, the default is your current connect group. The value specified for group-name cannot be the name of user's default group.
- OWNER(userid or group-name)
- Note:
This operand applies to z/OS systems only.
OWNER specifies a RACF-defined user or group that will own the group data set profiles now owned by the user to be removed.
If you omit this operand when group data set profiles exist that require a new owner, RACF® does not remove the user from the group. (Group data set profiles are data set profiles whose names are qualified by the group name or begin with the value supplied by an installation exit.)
The new owner of the group data set profiles must have at least USE authority in the specified group. Do not specify a user who is being removed from the group as the new data set profile owner.
Examples
| Example 1 | Operation | User WJE10 wants to remove users AFG5 and GMD2 from group PAYROLL. |
| Known | User WJE10 has JOIN authority to group PAYROLL. User WJE10 is currently connected to group PAYROLL. On z/OS, users AFG5 and GMD2 are connected to group PAYROLL but do not own any group data set profiles, and group PAYROLL is not their default group. On z/VM, users AFG5 and GMD2 are connected to group PAYROLL, but group PAYROLL is not their default group. | |
| Command | REMOVE (AFG5 GMD2) |
|
| Defaults | GROUP(PAYROLL) | |
REMOVE Example for z/OS:
| Example 2 | Operation | User WRH0 wants to remove user PDJ6 from group RESEARCH, assigning user DAF0 as the new owner of PDJ6's group data set profiles. |
| Known | User WRH0 has CONNECT authority to group RESEARCH. User WRH0 is not logged on to group RESEARCH. User PDJ6 is connected to group RESEARCH and owns group data set profiles (PDJ6's default connect group is not RESEARCH). User DAF0 is connected to group RESEARCH with USE authority. | |
| Command | REMOVE PDJ6 GROUP(RESEARCH) OWNER(DAF0) |
|
| Defaults | None | |