z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


The SPECIAL attribute

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

A user who has the SPECIAL attribute can issue all RACF® commands. The SPECIAL attribute gives the user full control over all of the RACF profiles in the RACF database.

The SPECIAL attribute can be delegated only by a user who has the SPECIAL attribute. It should be limited to the RACF security and group administrators. Persons having the SPECIAL attribute should be required to use operator identification cards and passwords or password phrases, and should change their passwords or password phrases often to help ensure security.

Note: Because any user can access an unprotected resource, users who have the SPECIAL attribute should take care to protect their own data sets, because they can contain sensitive information.

You can assign the SPECIAL attribute at the group level. When you do, the group-SPECIAL user has full control over all of the profiles within the scope of the group. For additional details, see User attributes at the group level.

For a list of the RACF commands that this attribute allows users to issue, see Table 1.

Parent topic: User attributes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014