Defining terminal users and user groups to RACF

You should plan to define your CICS terminal users in groups. For this purpose, try to place the users of CICS systems in groups for ease of administration. For example, you might consider that all users who have the same manager, or all users within an order entry function, are an administrative unit. You can define such users to RACF as groups of individual users who have similar access requirements to CICS system resources. See the z/OS Security Server RACF Security Administrator's Guide for more information about:

When you define a group, and then define users as members of that group, all the users in the group can access the resources to which the group has been given access.

The group structure selected depends on your own installation's requirements. Use the RACF command ADDGROUP to create a new group:
ADDGROUP groupname OWNER(userid)
Use the ADDUSER command to add new users to the group, defining the group name as the user's default group:
ADDUSER userid NAME(username) DFLTGRP(group_id)
        CICS(OPCLASS(1,2,..,n) OPIDENT(abc) OPPRTY(255) TIMEOUT(minutes)
             XRFSOFF(NOFORCE) LANGUAGE(PRIMARY(language))
You can make a terminal user a member of more than one group by using the CONNECT command to add the user to a group other than that user's default group:
CONNECT userid GROUP(groupname)
Use the ALTUSER command to change a user's default group, as follows:
ALTUSER userid DFLTGRP(groupname)
Use the ALTUSER command to add CICS data for an existing userid. See The CICS segment for details of the CICS optional data.

See the z/OS Security Server RACF Command Language Referencefor the full syntax of these commands.