Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Selecting user IDs and group names z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
In your installation it might be enough for you to isolate development work from production. On the other hand, it might be more practical for you to define many individual users and groups. In either case, you should take a look at what already exists and modify RACF® to adapt to the current environment. For example, do any or all of the system users already have user IDs? If so, perhaps you can make use of them. For example, every data set name has its owner's user ID as its high-level qualifier by default. Batch Users: Batch users might not already have user IDs. Here,
you might consider assigning user IDs based on personnel number or,
if appropriate, group name. If it is not clear what to use as a user
ID, start by considering group names. Again, examine what already
exists:
Whatever you choose, consider carefully the longer term security objectives. Adding new groups and users to an existing structure presents few administrative problems. Even deleting users and groups can be done without much difficulty. However, a major reassignment of user IDs and group names, although possible, is best avoided by careful initial selection. |
Copyright IBM Corporation 1990, 2014
|