You should plan to define your CICS terminal users in groups. For this
purpose, try to place the users of CICS systems in groups for ease of administration.
For example, you might consider that all users who have the same manager,
or all users within an order entry function, are an administrative unit. You
can define such users to RACF as
groups of individual
users who have similar access requirements to CICS system resources. See the
z/OS Security Server RACF Security Administrator's Guide for more information about:
- Access control and flexibility of operation for the system administrator
- Use of the group-SPECIAL attribute and its scope of control
- Reducing the need to refresh in-storage profiles
When you define a group, and then define users as members of that group,
all the users in the group can access the resources to which the group has
been given access.
The group structure selected depends on your own installation's requirements.
Use the RACF command ADDGROUP to create a new group:
ADDGROUP groupname OWNER(userid)
Use the ADDUSER command to add new users to the group, defining the group
name as the user's default group:
ADDUSER userid NAME(username) DFLTGRP(group_id)
CICS(OPCLASS(1,2,..,n) OPIDENT(abc) OPPRTY(255) TIMEOUT(minutes)
XRFSOFF(NOFORCE) LANGUAGE(PRIMARY(language))
You can make a terminal user a member of more than one group by using the
CONNECT command to add the user to a group other than that user's default
group:
CONNECT userid GROUP(groupname)
Use the ALTUSER command to change a user's default group, as follows:
ALTUSER userid DFLTGRP(groupname)
Use the ALTUSER command to add CICS
data for an existing userid. See
The CICS segment for details of the
CICS optional data.
See the z/OS Security Server RACF Command Language Referencefor the full syntax of these commands.