The RACF segment

You identify a RACF user by an alphanumeric userid, which RACF associates with the user profile for that user. The "user" that you define to RACF need not be a person, such as a CICS terminal user. For example, in the CICS environment, a RACF userid can be associated with the procedure you use to start CICS as a started task; and a userid can be associated with a CICS terminal (for the purpose of preset security). The following list shows some of the basic segment information that RACF holds for a user:
Keyword
Description
USERID
The user's userid
NAME
The user's name
OWNER
The owner of the user's profile—the RACF administrator or other user authorized by the administrator, or a RACF group
DFLTGRP
The default group that the user belongs to
AUTHORITY
The user's authority in the default group
PASSWORD
The user's password

You define the RACF segment of a user profile using the ADDUSER command, or the RACF ISPF panels. When planning RACF segments of user profiles for CICS users, identify the groups that you want them to be in. Start by identifying RACF administrative units for the users. For example, you could consider all users who have the same manager, or all users within an order entry function, an administrative unit. RACF handles these units as groups of individual users who have similar requirements for access to CICS system resources.

For an overview of the steps required to add users to the system, see the z/OS Security Server RACF Security Administrator's Guide.