z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Logging on as RACFADM, checking groups and users, and revoking IBMUSER

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Log on as RACFADM and use the default password, SYS1 in this case (IBMUSER's default group).

You receive a message stating that your password expired. Immediately change the password, SYS1, to a new password.

First, list all users to ensure that only RACFADM and IBMUSER are defined to RACF®, and that they have the proper attributes.
LISTUSER *
Then, list all of the groups that are defined to RACF: 
LISTGRP *
Connect RACFADM to each group and make RACFADM the owner of the group: 
CONNECT RACFADM GROUP(SYS1) AUTH(JOIN)
ALTGROUP SYS1 OWNER(RACFADM)
Then, revoke the IBMUSER user ID so that another user cannot use it: 
ALTUSER IBMUSER REVOKE
Note: You cannot delete the IBMUSER user profile.
Define another user to RACF (for example, user ID RACFAD2), to act as your assistant. Make the new user's default group SYS1, and give this assistant the SPECIAL and OPERATIONS user attributes. 
ADDUSER RACFAD2 DFLTGRP(SYS1) AUTH(JOIN) SPECIAL OPERATIONS
Parent topic: Getting started with RACF (after first installing RACF)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014