z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


CFIELD profile names

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The format for a profile name in the CFIELD class is as follows:

profile-type.segment-name.custom-field-name

The variables of a profile name in the CFIELD class are defined as follows:
profile-type
Specify either USER or GROUP to indicate whether this custom field is defined for a user profile or a group profile.
segment-name
Specify CSDATA.
custom-field-name
Specify a name of up to 8 characters for this custom field. The custom-field-name value you choose will be used as the keyword for the following commands, based on the type of profile you specify in the CFIELD profile name.
  • For user profiles, the ADDUSER and ALTUSER commands.
  • For group profiles, the ADDGROUP and ALTGROUP commands.
Users can use the custom-field-name as a keyword to do the following:
  • Add and change data values for this custom field in the CSDATA segment.
    Examples: 
    ALTUSER user-ID CSDATA(EMPSER(value))
ALTGROUP group CSDATA(COMPADDR(value))
  • Remove the data from this custom field in the CSDATA segment, when prefixed with the NO characters.
    Examples: 
    ALTUSER user-ID CSDATA(NOEMPSER)
ALTGROUP group CSDATA(NOCOMPADDR)
Syntax rules for custom field names:
  • 1 - 8 characters in length.
  • Valid characters include 0 - 9, A - Z, # (X'7B'), $ (X'5B'), @ (X'7C'), and several special characters. TSO/E syntax requirements apply. For details about TSO/E syntax requirements, see "Syntax requirements for command and subcommand names" in z/OS TSO/E Programming Services.
    Restriction: If TSO/E disallows the command keywords associated with your custom field name, the custom field is not usable.
Guidelines:
  • Avoid defining custom field names that begin with the characters NO because they might conflict with another custom field and cause unpredictable results.

    For example, if you define two custom fields called THING and NOTHING for user profiles, when a user issues the ALTUSER command with the NOTHING keyword, it is unclear whether the user intends to remove THING data from the user profile or add NOTHING data.

  • On releases before z/OS® V2R1, avoid defining custom field names that are ambiguous subsets of other custom field names, such as HOMEADDR and HOME.

    Starting with z/OS V2R1, you can use a custom field whose name is a subset of another custom field name. For example, if you have defined the custom fields HOME and HOMEADDR, you can add data to the custom field HOME, if you fully specify the keyword HOME. However, in this example H, HO, and HOM are ambiguous.

Parent topic: Profiles in the CFIELD class

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014