CDTINFO segment
in general resource profiles (CDT class): |
CASE
DEFAULTRC
DEFAULTUACC
FIRST
GENERIC
GENLIST
GROUP
KEYQUALIFIERS
MACPROCESSING
MAXLENGTH
MAXLENX
MEMBER
OPERATIONS
OTHER
POSIT
PROFILESALLOWED
RACLIST
SECLABELSREQUIRED
SIGNAL
|
CDTCASE
CDTDFTRC
CDTUACC
CDTFIRST
CDTGEN
CDTGENL
CDTGROUP
CDTKEYQL
CDTMAC
CDTMAXLN
CDTMAXLX
CDTMEMBR
CDTOPER
CDTOTHER
CDTPOSIT
CDTPRFAL
CDTRACL
CDTSLREQ
CDTSIGL
|
CFDEF
segment in general resource profiles (CFIELD class): |
TYPE
MAXLENGTH
MAXVALUE
MINVALUE
FIRST
OTHER
MIXED
HELP
LISTHEAD
|
CFDTYPE
CFMXLEN
CFMXVAL
CFMNVAL
CFFIRST
CFOTHER
CFMIXED
CFHELP
CFLIST
|
CICS segment in user profiles: |
OPCLASS
OPIDENT
OPPRTY
RSLKEY
TIMEOUT
TSLKEY
XRFSOFF
|
OPCLASS and OPCLASSN 2
OPIDENT
OPPRTY
RSLKEY and RSLKEYN 2
TIMEOUT
TSLKEY and TSLKEYN 2
XRFSOFF
|
CSDATA
segment in user and group profiles: |
custom-field-name
|
custom-field-name
|
DCE
segment in user profiles: |
AUTOLOGIN
DCENAME
HOMECELL
HOMEUUID
UUID
|
DCEFLAGS
DCENAME
HOMECELL
HOMEUUID
UUID
|
DFP
segment in data set profiles: |
RESOWNER
|
RESOWNER
|
DFP
segment in user and group profiles: |
DATAAPPL
DATACLAS
MGMTCLAS
STORCLAS
|
DATAAPPL
DATACLAS
MGMTCLAS
STORCLAS
|
DLFDATA
segment in DLFCLASS class profiles: |
RETAIN
JOBNAMES
|
RETAIN
JOBNAMES and JOBNMCNT 2
|
EIM
segment in user profiles: |
LDAPPROF |
LDAPPROF |
EIM
segment in FACILITY and LDAPBIND class profiles: |
DOMAINDN
KERBREGISTRY
LOCALREGISTRY
OPTIONS
X509REGISTRY
|
DOMAINDN
KERBREG
LOCALREG
OPTIONS
X509REG
|
ICSF
segment in CSFKEYS, GCSFKEYS, XCSFKEY, and GXCSFKEY class profiles: |
ASYMUSAGE
SYMEXPORTABLE
SYMEXPORTCERTS
SYMEXPORTKEYS
SYMCPACFWRAP
|
CSFAUSE
CSFSEXP
CSFSCLBS and CSFSCLCT 2
CSFSKLBS and CSFSKLCT 2
CSFSCPW
|
ICTX
segment in LDAPBIND class profiles: |
USEMAP
DOMAP
MAPREQUIRED
MAPPINGTIMEOUT
|
USEMAP
DOMAP
MAPREQ
MAPTIMEO
|
KERB
segment in user profiles: |
ENCRYPT
KERBNAME
MAXTKTLFE
|
ENCRYPT
KERBNAME
MAXTKTLFE
|
KERB
segment in REALM class profiles: |
CHECKADDRS
DEFTKTLFE
ENCRYPT
KERBNAME
MAXTKTLFE
MINTKTLFE
|
CHKADDRS
DEFTKTLFE
ENCRYPT
KERBNAME
MAXTKTLFE
MINTKTLFE
|
LANGUAGE
segment in user profiles: |
PRIMARY
SECONDARY
|
USERNL1
USERNL2
|
LNOTES
segment in user profiles: |
SNAME
|
SNAME
|
NDS
segment in user profiles: |
UNAME
|
UNAME
|
NETVIEW
segment in user profiles: |
IC
CONSNAME
CTL
MSGRECVR
OPCLASS
DOMAINS
NGMFADMN
NGMFVSPN
|
IC
CONSNAME
CTL
MSGRECVR
OPCLASS and OPCLASSN 2
DOMAINS and DOMAINSN 2
NGMFADMN
NGMFVSPN
|
OMVS
segment in group profiles: |
GID |
GID |
OMVS
segment in user profiles: |
ASSIZEMAX
CPUTIMEMAX
FILEPROCMAX
HOME
MEMLIMIT
MMAPAREAMAX
PROCUSERMAX
PROGRAM
SHMEMMAX
THREADSMAX
UID
|
ASSIZE
CPUTIME
FILEPROC
HOME
MEMLIMIT
MMAPAREA
PROCUSER
PROGRAM
SHMEMMAX
THREADS
UID
|
OPERPARM
segment in user profiles: |
ALTGRP 3
AUTH
AUTO
CMDSYS
DOM
KEY
HC
INTIDS
LEVEL
LOGCMDRESP
MFORM
MIGID 3
MONITOR
MSCOPE
ROUTCODE
STORAGE
UD 3
UNKNIDS
|
OPERALTG
OPERAUTH
OPERAUTO
OPERCMDS
OPERDOM
OPERKEY
OPERHC
OPERINT
OPERLEVL
OPERLOGC
OPERMFRM
OPERMGID
OPERMON
OPERMSCP and OPERMCNT 2
OPERROUT
OPERSTOR
OPERUD
OPERUNKN
|
OVM
segment in group profiles: |
GID
|
GID
|
OVM
segment in user profiles: |
FSROOT
HOME
PROGRAM
UID
|
FSROOT
HOME
PROGRAM
UID
|
PROXY
segment in user and FACILITY class profiles: |
BINDDN
LDAPHOST
|
BINDDN
LDAPHOST
|
SESSION
segment in APPCLU class profiles: |
CONVSEC
INTERVAL
LOCK
SESSKEY
|
CONVSEC
KEYINTVL
SLSFLAGS
SESSKEY
|
SIGVER
segment in PROGRAM class profiles: |
SIGREQUIRED
FAILLOAD
SIGAUDIT
|
SIGREQD
FAILLOAD
SIGAUDIT 4
|
SSIGNON
segment in PTKTDATA class profiles: |
KEYENCRYPTED
KEYMASKED
|
SSKEY
SSKEY
|
STDATA
segment in STARTED class profiles: |
USER
GROUP
PRIVILEGED
TRACE
TRUSTED
|
STUSER
STGROUP
FLAGPRIV
FLAGTRAC
FLAGTRUS
|
SVFMR
segment in SYSMVIEW class profiles: |
PARMNAME
SCRIPTNAME
|
PARMN
SCRIPTN
|
TME
segment in group and data set profiles: |
ROLES
|
ROLES and ROLEN 2
|
TME
segment in general resource profiles: |
ROLES
GROUPS
RESOURCE
CHILDREN
PARENT
|
ROLES and ROLEN 2
GROUPS and GROUPN 2
RESOURCE and RESN 2
CHILDREN and CHILDN 2
PARENT
|
TSO
segment in user profiles: |
ACCTNUM
COMMAND
DEST
HOLDCLASS
JOBCLASS
PROC
MAXSIZE
MSGCLASS
SECLABEL
SIZE SYS
UNIT
USERDATA
|
TACCNT
TCOMMAND
TDEST
THCLASS
TJCLASS
TLPROC
TMSIZE
TMCLASS
TSOSLABL
TLSIZE
TSCLASS
TUNIT
TUDATA
|
WORKATTR
segment in user profiles: |
WANAME
WABLDG
WADEPT
WAROOM
WAADDR1
WAADDR2
WAADDR3
WAADDR4
WAACCNT
|
WANAME
WABLDG
WADEPT
WAROOM
WAADDR1
WAADDR2
WAADDR3
WAADDR4
WAACCNT
|
Note: - Many operands in this table have corresponding versions
that include a prefix of NO. In addition, several operands have corresponding
versions that include prefixes of ADD and DEL. See the z/OS Security Server RACF Command Language Reference to identify these.
- For operands that are listed with two field-name qualifiers:
- To authorize READ access, define one FIELD profile specifying
the first value as the field-name qualifier. Permit
users READ access.
- To authorize UPDATE access, define two FIELD profiles. Define
one profile for each of the two field-name qualifiers
listed. Permit users UPDATE access to both profiles.
- This setting is ignored when each system sharing
the RACF database runs z/OS Version 1 Release 8 or
higher.
- The SIGAUDIT field controls the audit policy related
to digital signature verification of programs. Users with the AUDITOR
attribute can list the SIGAUDIT field but they cannot update it unless
they have UPDATE authority through field-level access checking.
|