z/OS Security Server RACF Security Administrator's Guide


Automatically assigning unique IDs through UNIX services

SA23-2289-00

Guideline: Assign a unique UID to each user and a unique GID to each group that needs access to z/OS® UNIX functions and resources. You can accomplish this by using the AUTOUID and AUTOGID keywords on the user and group commands, as described in Automatically assigning unique IDs using RACF commands.

However, when you have a large number of users without OMVS segments who need access to z/OS UNIX services, such as FTP, you might choose not to assign UNIX identities before they are needed. In these cases, use the method described here to enable RACF® to automatically assign unique UIDs and GIDs at the moment they are needed, that is, when users without OMVS segments access certain z/OS UNIX services.

Many z/OS UNIX services, either directly or indirectly, invoke the following SAF callable services to retrieve the UID associated with a user or to retrieve the GID associated with a group:
  • initUSP (IRRSIU00) callable service: Initialize USP
  • getUMAP (IRRSUM00) callable service: Get UID-to-user-ID mapping
  • getGMAP (IRRSGM00) callable service: Get GID-to-group-name mapping
RACF automatically assigns unique identities when z/OS UNIX invokes these SAF callable services to initialize the user security environment or determine a UID or GID, and all of the following requirements are met:
  1. The RACF database is enabled for application identity mapping (AIM) stage 3.
  2. The UNIXPRIV class profile SHARED.IDS is defined, and the UNIXPRIV class is active and RACLISTed.
  3. The FACILITY class profile BPX.NEXT.USER is defined and its APPLDATA field has valid ID values or ranges.
  4. The FACILITY class profile BPX.UNIQUE.USER is defined.
  5. No OMVS segment is defined in the user or group profile.

When RACF generates and returns a new unique UID, it saves that value in the new OMVS segment of the user profile. Similarly, when RACF generates and returns a new unique GID, it saves that value in the new OMVS segment of the group profile. This ensures that the UID or GID remains assigned to the same user or group for all future uses of z/OS UNIX services.

RACF assigns unique UIDs and OMVS segments for users independently from the GIDs and OMVS segments it assigns for the user's current connect group, based on what the callable service requires. For instance, when the initUSP callable service calls RACF for a unique ID, a UID might be needed for the user, but the user's current connect group might already have a GID. Conversely, the callable service might require a GID for the user's current connect group but not a UID for the user.

At your option, RACF can also propagate common program, home, and other OMVS attributes to first-time z/OS UNIX users. To do this, define a user profile to serve as a model for OMVS segment information. When you specify the profile name in the APPLDATA field of the BPX.UNIQUE.USER profile in the FACILITY class, RACF extracts the OMVS information (other than the UID) from the model profile and saves it in the user profile at the same time it assigns the user's unique UID.
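The setup described above, as an added example of the RACF commands that satisfy requirements 2 through 4 and define the optional model user. These commands are constructed for illustration and are not taken from this page; the model user ID BPXMODEL, the user ID FTPUSR1 and the UID/GID ranges are assumed placeholders, and the /* */ lines are explanatory comments rather than part of the commands.

```tso
/* Assumption: the RACF database is already at AIM stage 3             */
/* (requirement 1, converted beforehand with the IRRIRA00 utility).     */

/* Requirement 2: define SHARED.IDS, then activate and RACLIST UNIXPRIV.*/
RDEFINE  UNIXPRIV SHARED.IDS UACC(NONE)
SETROPTS CLASSACT(UNIXPRIV) RACLIST(UNIXPRIV)

/* Requirement 3: BPX.NEXT.USER with APPLDATA('uid-pool/gid-pool').     */
/* Each side is a single value or a range; RACF takes the next unused   */
/* value from the pool each time it needs a new UID or GID.             */
RDEFINE  FACILITY BPX.NEXT.USER APPLDATA('10000-19999/10000-19999')

/* Optional model user: its OMVS attributes other than the UID are      */
/* copied into the OMVS segment that RACF creates for a first-time      */
/* user. NOPASSWORD makes it a protected user ID that cannot be used    */
/* to log on, and it is deliberately given no UID of its own.           */
ADDUSER  BPXMODEL NOPASSWORD OMVS(HOME('/tmp') PROGRAM('/bin/sh'))

/* Requirement 4: BPX.UNIQUE.USER, naming the model user in APPLDATA.   */
/* The REFRESH applies only if the FACILITY class is RACLISTed.         */
RDEFINE  FACILITY BPX.UNIQUE.USER APPLDATA('BPXMODEL')
SETROPTS RACLIST(FACILITY) REFRESH

/* Verification: confirm the three profiles and their APPLDATA values.  */
RLIST    UNIXPRIV SHARED.IDS      ALL
RLIST    FACILITY BPX.NEXT.USER   ALL
RLIST    FACILITY BPX.UNIQUE.USER ALL

/* After a user with no OMVS segment (requirement 5) first uses FTP or  */
/* another service that drives initUSP, getUMAP or getGMAP, the UID     */
/* RACF assigned and saved should now appear in the user's OMVS segment.*/
LISTUSER FTPUSR1 OMVS NORACF
```

If LISTUSER still shows no OMVS segment after the first access, recheck the five requirements in order, since RACF assigns an ID only when all of them hold at the time the callable service is invoked.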

Copyright IBM Corporation 1990, 2014