Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Defining group administrators, group auditors, and data managers z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
For each group, define a group administrator with the group-SPECIAL
attribute. Only the administrator for GROUP1 has the authority to
define new users in that group. Each of the other administrators has
authority over the resources owned by his or her group, as well as
the resources owned by users who are owned by his or her group.
For groups GROUP1, GROUP2, and GROUP3, define a group-auditor.
Connect the user to GROUP1 and give the user the group-AUDITOR attribute.
Because GROUP2 and GROUP3 are owned by GROUP1, the user has auditor
authority over the resources and users belonging to those groups,
as well as to GROUP1. The user does not have auditor authority in
any other group.
The administrator for the data management group, the data manager,
is able to define DASD volumes to RACF® in
order to perform dump, restore, and data cleanup operations.
Because of his or her duties, the data manager is connected to
SYS1, allowing the manager to access data sets with SYS1 in their
access list and to define SYS1 data set profiles to RACF. The data manager has the group-SPECIAL
attribute in group SYS1.
At the end of the session, the defined group structure is:
The defined users are:
|
Copyright IBM Corporation 1990, 2014
|