z/OS Security Server RACF Security Administrator's Guide


The base segment in user profiles

SA23-2289-00

The base segment of a user profile contains basic information that is needed to define a user to RACF®. You can specify the following information in the base segment:
USERID
User's identification
NAME
User's name
OWNER
Owner of the user's profile
DFLTGRP
User's default group
AUTHORITY
User's authority in the default group
PASSWORD
User's password
NOPASSWORD
Gives the user the PROTECTED attribute when the user has the NOPHRASE and NOOIDCARD attributes
PHRASE
User's password phrase
NOPHRASE
Indicates that the user cannot enter the system using a password phrase and, when the user also has the NOPASSWORD and NOOIDCARD attributes, gives the user the PROTECTED attribute
REVOKE
Date on which RACF prevents the user from having access to the system
RESUME
Date on which RACF lets the user have access to the system again
UACC
Default universal access authority for resources that the user defines
WHEN
Days of the week and hours of the day during which the user has access to the system
ADDCATEGORY
User's installation-defined security category
SECLEVEL
User's installation-defined security level
CLAUTH
Classes in which the user can define profiles
SPECIAL
Gives the user the system-wide SPECIAL attribute
AUDITOR
Gives the user the system-wide AUDITOR attribute
OPERATIONS
Gives the user the system-wide OPERATIONS attribute
DATA
Installation-defined data
ADSP
Indicates that all permanent data sets the user creates are to be RACF-protected with discrete profiles
GRPACC
Indicates that other group members can have access to any group data set the user protects with a data set profile
MODEL
Name of the data set model profile to be used when creating new data set profiles, either generic or discrete
OIDCARD
Indicates that the user must supply an operation ID card when logging on to the system
RESTRICTED
Indicates that global access checking, the ID(*) entry on the access list, and the UACC will not be used to allow this user access to a protected resource.

To prevent a restricted user from gaining access to a z/OS UNIX file system resource unless specifically authorized, see Controlling access to file system resources for restricted users.

SECLABEL
User's default security label
CERTNAME
The names of the profiles in the DIGTCERT class that are associated with this RACF user ID
CERTLABL
The certificate labels for the profiles in the DIGTCERT class that are associated with this RACF user ID
CERTPUBK
The public key associated with a public key certificate. This is the BER-encoded public key as specified in the certificate.
CERTSJDN
The subject name of the entity to whom the certificate is issued. This is the BER-encoded format of the subject's distinguished name as contained in the certificate.
Note: You can only add or delete the data in the CERTNAME, CERTLABL, CERTPUBK and CERTSJDN fields by using the RACDCERT command. The ADDUSER or ALTUSER commands have no effect on these fields.
NMAPNAME
The names of the profiles in the DIGTNMAP class containing certificate name filters that are associated with this RACF user ID
NMAPLABL
The labels for the certificate name filters that are associated with this RACF user ID

See z/OS Security Server RACF Command Language Reference for information about the authorization required to create, change, or view information in the base segment.





Copyright IBM Corporation 1990, 2014