The SPECIAL or group-SPECIAL attribute

If you have the SPECIAL or group-SPECIAL attribute, you can issue the commands and operands shown in Table 1.

Table 1. Commands and operands you can issue if you have the SPECIAL or group-SPECIAL attribute
Command	Operands
ADDSD¹	With all operands
ADDGROUP	With all operands
ADDUSER	With all operands, but for group-SPECIAL user only when user also has CLAUTH(USER)
ALTDSD	With all operands except GLOBALAUDIT
ALTGROUP	With all operands
ALTUSER	With all operands except UAUDIT or NOUAUDIT. Also, you must have the SPECIAL attribute to use the NOEXPIRED operand or to issue the NOCLAUTH operand for a class name that is not in the class descriptor table (group-SPECIAL does not suffice).
CONNECT	With all operands
DELDSD¹	With all operands
DELGROUP	With all operands
DELUSER	With all operands
LISTDSD¹	With all operands
LISTGRP	With all operands
LISTUSER	With all operands
PASSWORD or PHRASE	With all operands
PERMIT	With all operands
RALTER	With all operands except GLOBALAUDIT
RACDCERT	With all operands. You must have the SPECIAL attribute to issue the RACDCERT command. Group-SPECIAL does not suffice.
RACLINK	With all operands
RACMAP	With all operands. You must have the SPECIAL attribute to issue the RACMAP command. Group-SPECIAL does not suffice.
RDEFINE	With all operands
RDELETE	With all operands
REMOVE	With all operands
RLIST	With all operands
SEARCH	With all operands
SETROPTS	With all operands except AUDIT, NOAUDIT, CMDVIOL, NOCMDVIOL, APPLAUDIT, NOAPPLAUDIT, LOGOPTIONS, OPERAUDIT, NOOPERAUDIT, SAUDIT, NOSAUDIT, SECLABELAUDIT, NOSECLABELAUDIT, SECLEVELAUDIT, and NOSECLEVELAUDIT, which require the AUDITOR attribute. Users with the group-SPECIAL attribute can only issue REFRESH GENERIC and LIST.
¹ This command applies to z/OS® systems. However, you can issue this command on a z/VM® system to maintain a RACF® database that is shared by z/OS and z/VM systems.