The base segment of a user profile contains basic information that is needed to define a user to RACF®. You can specify the following information in the base segment:
- USERID: User's identification
- NAME: User's name
- OWNER: Owner of the user's profile
- DFLTGRP: User's default group
- AUTHORITY: User's authority in the default group
- PASSWORD: User's password
- NOPASSWORD: Gives the user the PROTECTED attribute when the user has the NOPHRASE and NOOIDCARD attributes
- PHRASE: User's password phrase
- NOPHRASE: Indicates that the user cannot enter the system using a password phrase and, when the user also has the NOPASSWORD and NOOIDCARD attributes, gives the user the PROTECTED attribute
- REVOKE: Date on which RACF prevents the user from having access to the system
- RESUME: Date on which RACF lets the user have access to the system again
- UACC: Default universal access authority for resources that the user defines
- WHEN: Days of the week and hours of the day during which the user has access to the system
- ADDCATEGORY: User's installation-defined security category
- SECLEVEL: User's installation-defined security level
- CLAUTH: Classes in which the user can define profiles
- SPECIAL: Gives the user the system-wide SPECIAL attribute
- AUDITOR: Gives the user the system-wide AUDITOR attribute
- OPERATIONS: Gives the user the system-wide OPERATIONS attribute
- DATA: Installation-defined data
- ADSP: Indicates that all permanent data sets the user creates are to be RACF-protected with discrete profiles
- GRPACC: Indicates that other group members can have access to any group data set the user protects with a data set profile
- MODEL: Name of the data set model profile to be used when creating new data set profiles, either generic or discrete
- OIDCARD: Indicates that the user must supply an operation ID card when logging on to the system
- RESTRICTED: Indicates that global access checking, the ID(*) entry on the access list, and the UACC will not be used to allow this user access to a protected resource.

  To prevent a restricted user from gaining access to a z/OS UNIX file system resource unless specifically authorized, see Controlling access to file system resources for restricted users.
- SECLABEL: User's default security label
- CERTNAME: The names of the profiles in the DIGTCERT class that are associated with this RACF user ID
- CERTLABL: The certificate labels for the profiles in the DIGTCERT class that are associated with this RACF user ID
- CERTPUBK: The public key associated with a public key certificate. This is the BER-encoded public key as specified in the certificate.
- CERTSJDN: The subject name of the entity to whom the certificate is issued. This is the BER-encoded format of the subject's distinguished name as contained in the certificate.

  Note: You can only add or delete the data in the CERTNAME, CERTLABL, CERTPUBK and CERTSJDN fields by using the RACDCERT command. The ADDUSER or ALTUSER commands have no effect on these fields.
- NMAPNAME: The names of the profiles in the DIGTNMAP class containing certificate name filters that are associated with this RACF user ID
- NMAPLABL: The labels for the certificate name filters that are associated with this RACF user ID

See z/OS Security Server RACF Command Language Reference for
information about the authorization required to create, change, or
view information in the base segment.