When a profile is copied during profile modeling, the new profile
could differ from the model in the following ways:
- RACF® places the user creating
the new profile on the access list with ALTER access authority or,
if the user is already on the access list, changes the user's access
authority to ALTER. This is true only if ADDCREATOR is in effect,
or if you are creating a discrete DATASET or TAPEVOL profile with
RACROUTE REQUEST=DEFINE. Otherwise, the user creating the new profile
is not placed on the access list or, if the user is already on the
access list, the user's authority is not changed when the access list
is copied to the new profile.

  If the profile being added is for a group data set and the user has
  the GRPACC attribute for that group, RACF places the group on the
  access list with UPDATE access authority or, if the group is already
  on the access list, changes the group's access authority to UPDATE.

  Note: These access list changes do not occur if the data set profile
  is created only because the user has the OPERATIONS attribute.
- If the model profile contains members (specified with the ADDMEM
operand), the members are not copied into the new profile.
- If the SETROPTS MLS option is in effect, the security
label, if specified in the model profile, is not copied. Instead,
the user's current security label is used. For more information on
security labels, see Understanding security labels.

  Note: When the SETROPTS MLS option is in effect, if the SETROPTS
  MLSTABLE option is also in effect and the user has the SPECIAL
  attribute, the security label specified in the model profile is
  copied to the new profile. For more information on security labels,
  see Understanding security labels.
- For TAPEVOL profiles, TVTOC information is not copied to the new
profile.
- Even if SETROPTS NOADDCREATOR is set, the model profile access
list is copied exactly. Therefore, if the creator's user ID appeared
in the model's access list, the authority is copied to the new profile
exactly.
- Entries in the conditional access list of the model profile are
copied to the conditional access list of the new profile only when
the condition is valid for the class of the new profile.
  - WHEN(SYSID) is valid only for the PROGRAM class. SYSID entries
    are copied only when the new profile is a PROGRAM class profile.
  - WHEN(PROGRAM) is valid only for data sets and the SERVAUTH class.
    PROGRAM entries are copied only when the new profile is a data set
    profile or a SERVAUTH class profile.
  - WHEN(CRITERIA) is valid only for general resource classes. CRITERIA
    entries are not copied when the new profile is a data set profile.
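
The copy rules above can be modeled as a predictor whose output is compared against a newly modeled profile when auditing for unexpected access. This Python code is an added example, not IBM or RACF code; the dictionary layout, the option flag names (`addcreator`, `discrete_racroute_define`, `grpacc`, `operations_only`, `mls`, `mlstable`, `special`, `user_seclabel`) and the sample IDs are assumptions constructed for illustration.

```python
# Added example: models the copy rules listed above; it is not RACF code.
# The dict layout, option flag names and IDs are assumptions made for this example.

def condition_valid(when, new_class):
    """Class validity for the three condition types the page lists."""
    if when == "SYSID":
        return new_class == "PROGRAM"
    if when == "PROGRAM":
        return new_class in ("DATASET", "SERVAUTH")
    if when == "CRITERIA":
        return new_class != "DATASET"  # general resource classes only
    raise ValueError(f"condition type {when!r} is not covered by this model")

def predict_new_profile(model, new_class, creator, opts, group=None):
    """Return the profile expected after modeling.

    group is set only when the new profile is for a group data set.
    """
    acl = dict(model["acl"])  # copied exactly, also under NOADDCREATOR
    if not opts.get("operations_only"):
        if opts.get("addcreator") or opts.get("discrete_racroute_define"):
            acl[creator] = "ALTER"
        if group and opts.get("grpacc"):
            acl[group] = "UPDATE"
    cond = [e for e in model.get("cond_acl", [])
            if condition_valid(e["when"], new_class)]
    if opts.get("mls") and not (opts.get("mlstable") and opts.get("special")):
        seclabel = opts.get("user_seclabel")  # user's current label is used
    else:
        seclabel = model.get("seclabel")
    # ADDMEM members and TVTOC information are never copied.
    return {"acl": acl, "cond_acl": cond, "seclabel": seclabel,
            "members": [], "tvtoc": None}

# Constructed sample model profile.
MODEL = {
    "acl": {"ALICE": "READ", "PAYGRP": "READ"},
    "cond_acl": [
        {"id": "BOB", "access": "READ", "when": "SYSID"},
        {"id": "CAROL", "access": "UPDATE", "when": "PROGRAM"},
        {"id": "DAVE", "access": "READ", "when": "CRITERIA"},
    ],
    "seclabel": "SECRET",
    "members": ["MEMBER1"],
}

if __name__ == "__main__":
    new = predict_new_profile(MODEL, "DATASET", "ALICE", {"addcreator": False})
    print(new["acl"], [e["id"] for e in new["cond_acl"]])
```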