Logging on as IBMUSER and checking initial conditions

IBMUSER is the first user ID that the security administrator can use. This user ID has the SPECIAL attribute, which allows IBMUSER to issue most of the RACF® commands (except for those reserved for users with the AUDITOR attribute) and the OPERATIONS attribute, which allows IBMUSER to access many RACF-protected resources.

When you enter the system for the first time with the IBMUSER user ID, you must change the initial password, SYS1, to a new password. A new password prevents any other user from entering the system as IBMUSER.

Log on as IBMUSER:

LOGON IBMUSER

After entering IBMUSER's old password (SYS1) and defining a new password, list the system-wide RACF options that are in effect:

SETROPTS LIST

Read through this list to familiarize yourself with the options that are in effect. For an explanation of what some of the options are and what they mean, see Using the SETROPTS command.

Note: Not all options are displayed at this point, because IBMUSER does not have the AUDITOR Start of change

or ROAUDIT End of change

attribute. If you want to see the status of these options, grant IBMUSER the Start of change

ROAUDIT

attribute, log off, and log on again. To see all of the options, issue SETROPTS LIST again.

For a complete listing of all of the options that are available, see z/OS Security Server RACF Command Language Reference.

Important: The option for the TERMINAL resource class should be specified as READ. Do not change it to NONE unless you have defined your terminals to RACF and authorized the appropriate users and groups to access them. If you specify TERMINAL(NONE) without first defining your terminals to RACF, you cannot access your terminals and, consequently, you will be locked out of your system.