Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
The OMVS segment in user profiles z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
When you define a new z/OS UNIX user or
change z/OS UNIX attributes
for an existing user, you can specify the following information in
the OMVS segment of the user's profile:
To define or change information in the OMVS segment of a user profile, including one's own, you must have the SPECIAL attribute (to view or change it), the AUDITOR attribute (to view it), or sufficient authority to the OMVS segment fields through field-level access checking. Many installations allow users to view all of their OMVS information and to update selected fields, such as the home directory or default program. (Note that specifying a given path name in either of these fields does not grant users access to the path name; users still need the appropriate file system permission to access the path.) Guideline: Avoid allowing users to update their UID or the resource limit fields. To permit users to access all fields that are not protected by a more specific profile, define the USER.OMVS.* profile in the FIELD class. For example, to permit all users to view their own OMVS information, permit &RACUID with READ access to the USER.OMVS.* profile. To allow authorized administrators who need to change the OMVS information in others' profiles, permit them with UPDATE access. You can define more specific profiles to address special requirements. For example, you might define the USER.OMVS.HOME and USER.OMVS.PROGRAM profiles, authorizing &RACUID with UPDATE authority. You might also need to permit UPDATE access for administrators because the access list of a more specific profile will override that of a less specific profile. For more information, see Defining user identifiers (UIDs). |
Copyright IBM Corporation 1990, 2014
|