In general, when you create a RACF® profile, you become the owner of
the profile unless you specify otherwise. You can specify either a
RACF group or a RACF-defined user ID as the owner:
- If you make a user the owner of the RACF profile, the user can modify, list, and
delete the profile, or name another user to become the owner.
- If you make a group the owner of a RACF profile, you extend the scope of the group
(and, in some cases, the scope of its superior groups) to the RACF profile. If users have the
group-SPECIAL, group-AUDITOR, or group-OPERATIONS attributes in these
groups, their authority extends to the new profile. Further, if the
profile is a group profile, the scope can extend to profiles owned
by the group itself.
For a list of the RACF commands
that owners of resource profiles can issue, see Table 1.
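The following Python example is added here and is not IBM code. It walks a profile's ownership chain to list which group-level attributes reach the profile, as an access reviewer might. All user IDs, groups, and profile names are constructed, and the percolation rule is a simplifying assumption: scope passes upward only while each group profile is itself owned by a group.

```python
# Added example: simplified model of ownership-based scope of authority.
# Assumption: scope percolates upward only while each group profile is owned
# by another group; a user owner ends the chain. Real RACF has further rules.
# RACF user IDs and group names share one namespace, so a name found in
# GROUP_OWNER is a group and any other owner is treated as a user.

# Constructed sample data: group profile -> owner of that group profile.
GROUP_OWNER = {
    "SYS1": "IBMUSER",     # owned by a user: the chain ends here
    "FINANCE": "SYS1",
    "PAYROLL": "FINANCE",
    "TESTGRP": "JSMITH",   # owned by a user, so no superior scope reaches it
}
# Constructed sample data: resource profile -> owner.
RESOURCE_OWNER = {
    "PAYROLL.MASTER.**": "PAYROLL",
    "TESTGRP.DATA.**": "TESTGRP",
    "JSMITH.NOTES.**": "JSMITH",
}
# Constructed sample data: (user, group) -> group-level attributes held there.
GROUP_ATTRS = {
    ("ALICE", "FINANCE"): {"SPECIAL"},
    ("BOB", "PAYROLL"): {"AUDITOR"},
    ("CAROL", "SYS1"): {"OPERATIONS"},
    ("DAVE", "TESTGRP"): {"SPECIAL"},
}

def owning_groups(profile):
    """Return the groups whose scope covers `profile`, nearest owner first."""
    chain, seen = [], set()
    # A resource profile or a group profile may be passed in.
    owner = RESOURCE_OWNER.get(profile, GROUP_OWNER.get(profile))
    while owner in GROUP_OWNER and owner not in seen:  # `seen` guards loops
        chain.append(owner)
        seen.add(owner)
        owner = GROUP_OWNER[owner]
    return chain

def group_authority(profile):
    """Return (user, attribute, via_group) for authority reaching `profile`."""
    result = []
    for group in owning_groups(profile):
        for (user, held_in), attrs in sorted(GROUP_ATTRS.items()):
            if held_in == group:
                result += [(user, attr, group) for attr in sorted(attrs)]
    return result

if __name__ == "__main__":
    for name in list(RESOURCE_OWNER) + ["PAYROLL"]:
        print(name, "->", group_authority(name))
```

A profile owned by a user ID, such as the constructed JSMITH.NOTES.** entry, returns an empty list because no group's scope has been extended to it.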
The concept of ownership of any kind of RACF profile (user, group, or resource) is different
from other kinds of ownership:
- When a user attempts to access a protected resource, the user
might be considered an "owner" of the resource, and be given the equivalent
of ALTER access authority. This is true, for example, when a user
opens a data set whose high-level qualifier matches the user's user
ID.
- In data set profiles, you can specify a "resource owner" in
the RESOWNER field. This field is used when users allocate new SMS-managed
data sets protected by the profile. For more information, see Determining the owner of an SMS-managed data set.