Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
The GRPACC (group access) attribute z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If a user has the GRPACC attribute, any group data set profiles that the user defines to RACF® (through either the ADSP attribute, the PROTECT parameter on the DD statement, or the ADDSD command) are automatically made accessible to other users in the group if the user defining the profile is a member of that group. The group whose name is used as the high-level qualifier of the data set name is given UPDATE authority to the data set. Note that, if the defining user does not have the GRPACC attribute, and profile modeling is not being used, the user must use the PERMIT command to allow the group to access the group data set. A user to whom you assign the GRPACC attribute at the user level has this attribute in all of the groups of which the user is a member. If a user has the GRPACC attribute at the group level, the attribute applies only to the group in which the user has the attribute. You should assign the GRPACC attribute with care, especially if the RACF user to whom you are assigning the attribute is allowed to RACF-protect group data sets in several groups. This user could unintentionally authorize groups to access a group data set to which they should not have access. Only the owner of a user's profile (or a user who has the SPECIAL attribute) can assign the GRPACC attribute. Tips:
|
Copyright IBM Corporation 1990, 2014
|