Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
The SPECIAL attribute z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
A user who has the SPECIAL attribute can issue all RACF® commands. The SPECIAL attribute gives the user full control over all of the RACF profiles in the RACF database. The SPECIAL attribute can be delegated only by a user who has the SPECIAL attribute. It should be limited to the RACF security and group administrators. Persons having the SPECIAL attribute should be required to use operator identification cards and passwords or password phrases, and should change their passwords or password phrases often to help ensure security. Note: Because any user can access an unprotected resource, users who
have the SPECIAL attribute should take care to protect their own data
sets, because they can contain sensitive information.
You can assign the SPECIAL attribute at the group level. When you do, the group-SPECIAL user has full control over all of the profiles within the scope of the group. For additional details, see User attributes at the group level. For a list of the RACF commands that this attribute allows users to issue, see Table 1. |
Copyright IBM Corporation 1990, 2014
|