Recent Articles

[ 17th January 2024 ] Unveiling Mainframe Society: Connecting Mainframers Worldwide Business
[ 31st July 2023 ] Free Online Event on 9th August – z/OS 3.1 Post Announcement Tech - Conferences
[ 26th July 2021 ] Free Virtual Event on 8th September – z/OS 2.5 Post Announcement Tech - Conferences
[ 3rd July 2021 ] Free Virtual Event on 21st July – The Role of the systems programmer in protecting the mainframe from accidental or malicious event! Tech - Conferences
[ 3rd June 2021 ] Event on 23rd June – Large Systems: After the Storms, What Next? Tech - Conferences

RACF – User Attributes

7th May 2012 Rui Miguel Feio RACF, Tech - Mainframe

User attributes are extraordinary capabilities, limitations, or environments that can be assigned to a user either all of the time or when the user is connected to a specific group or groups.

Attribute	Description
SPECIAL	A user who has the SPECIAL attribute at the system level can issue all RACF commands. This attribute gives the user full control over all of the RACF profiles in the RACF database. You can assign the SPECIAL attribute at the group level. When you do, the group-SPECIAL user has full control over all of the profiles within the scope of the group.
AUDITOR	The AUDITOR attribute is given to users who are responsible for auditing RACF security controls and functions. You can assign the AUDITOR attribute at the group level. When you do, the group-AUDITOR user’s authority is limited to profiles that are within the scope of that group.
OPERATIONS	A user who has the system wide OPERATIONS attribute has full access authorization to all RACF-protected resources in the classes DATASET, DASDVOL, GDASDVOL, PSFMPL, TAPEVOL, VMBATCH, VMCMD, VMMDISK, VMNODE, and VMRDR classes. You can assign the OPERATIONS attribute at the group level. When you do, the group-OPERATIONS user’s authority is limited to resources within the scope of that group.
CLAUTH	If a user has the CLAUTH attribute in a class, RACF allows the user to define profiles in that class. You cannot assign the CLAUTH attribute at the user or group level.
GRPACC	When a user with the GRPACC attribute creates a data set profile for a group data set, RACF gives UPDATE access authority to other users in the group.
ADSP	The ADSP attribute establishes an environment in which all permanent DASD data sets created by this user are automatically defined to RACF and protected with a discrete profile.
REVOKE	The REVOKE attribute prevents the RACF-defined user from entering the system. REVOKE can be assigned at the group level, in which case the user cannot enter the system and connect to that group.
RESTRICTED	You can prevent RACF users from gaining access to protected resources they are not specifically authorized to access by assigning the RESTRICTED attribute on the ADDUSER or ALTUSER command.
PROTECTED	This attribute is used mainly for started tasks to prevent a user ID from being revoked due to multiple unsuccessful logon attempts. This attribute is assigned implicitly by default. So, if you specify PASSWORD operand with ALU command, it will be removed.
WHEN	Specifies days of the week and hours of the day during which the user has access to the system.

Kanda says:

20th January 2021 at 09:52

Good info in one place, thank ou

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2019 Rui Miguel Feio