Prior to RACF for z/OS 1.2,
RACF groups were limited to 5,957 connected
userids. For many sites using RACF, this is not
an onerous restriction however, for some sites,
this restriction may present a real problem.
With RACF for z/OS 1.2, IBM introduced RACF
UNIVERSAL groups. The benefit of a RACF
UNIVERSAL group is that it can have an unlimited
number of AUTH(USE) userids connected to it
providing those userids don't have
GROUP-AUDITOR, GROUP-OPERATIONS, and/or
GROUP-SPECIAL authority. The drawback of RACF
UNIVERSAL groups is, since there is no group
connect information maintained for AUTH(USE)
connected userids, there is no easy way to
obtain a list of all the userids connected to a
UNIVERSAL group. Another drawback is, with
standard RACF commands, there is no way to
convert a standard RACF group to a UNIVERSAL
group or vice versa. Under normal operation, a
group must be defined as being a UNIVERSAL group
when the group is created.
With a good understanding of RACF groups and
userids and the associated connections, it is
possible to use available tools to convert RACF
groups in place. If you feel that your
organization could benefit from using RACF
UNIVERSAL groups and you currently have standard
RACF groups that you would like to convert to
UNIVERSAL groups without having to do a
painstaking collection of RACF information prior
to locking your RACF environment down in advance
of a conversion, contact ESS to discuss options.
HOME
ABOUT US
CONSULTING
EDUCATION
DEVELOPMENT
Hg197/ADDAM
CONTACT US
