Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Assigning a user ID to the RACF subsystem z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
The RACF® subsystem must have a valid RACF user ID. The RACF subsystem cannot be initialized if a valid RACF user ID is not assigned to it. The PROC name for the RACF subsystem must be the same as the name used in IEFSSNxx. Guideline: Assign a protected user ID to the RACF subsystem. A user ID becomes a protected user ID when it is assigned the NOPASSWORD, NOPHRASE, and NOOIDCARD attributes by an ADDUSER or ALTUSER command. A protected user ID cannot be revoked due to incorrect password or password phrase attempts or used to enter the system in ways that require a password or password phrase. For information on protected user IDs, see z/OS Security Server RACF Security Administrator's Guide. In a remote sharing environment, the first seven characters of the user ID assigned to the RACF subsystem are displayed at the end of TSO XMIT messages after a command is successfully directed. You might want to consider this when you choose the RACF subsystem user ID. The security administrator can assign a RACF user ID to the RACF subsystem using the STARTED class. If your installation has not activated the STARTED class, you can use the started procedures table (ICHRIN03). For more information, see Associating started procedures and jobs with user IDs. Example: The following example shows how you could assign
a RACF user ID to the RACF subsystem using ICHRIN03.
Note: The
following example is not really representative of ICHRIN03 because
it has only one entry.
Guideline: Define the RACF subsystem as privileged or trusted. You can use either the STARTED class or ICHRIN03 to do this. Example: If
your installation has activated the STARTED class, the security administrator
can create a profile for the RACF subsystem
in the STARTED class marked trusted, as shown in the following example,
where RACF is the name of the
subsystem and RACFAS is the RACF-defined user ID:
Example: If
you are using ICHRIN03 instead of the STARTED class, the following
example illustrates how to assign the RACF user
ID SUBSYS to the RACF subsystem
and mark it trusted:
|
Copyright IBM Corporation 1990, 2014
|