z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Assigning group authorities

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Each user in a group might have different responsibilities for the group. These responsibilities might include creating resource profiles to be used by the group and adding new members to the group. You should assign a specific level of group authority to the user that is based on the user's responsibilities for administering and maintaining the group to which the user is connected. You can do this with the ADDUSER, ALTUSER, or CONNECT command.

The group authorities you can assign to a user are (in order of least to most authority): USE, CREATE, CONNECT, and JOIN. Each higher level authority includes the lower levels of authority. The group authorities are defined generally as follows:
  • The USE authority permits the user to access resources to which the group is authorized.
  • The CREATE authority permits the user to create group data set profiles.
  • The CONNECT authority enables the user to add RACF-defined users to the group.
  • The JOIN authority enables the user to define new users and new groups.

For the specific details of each group authority, see Group authorities.

Parent topic: Defining users and groups

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014