Jim Lautner
 May 2nd, 2008
Prior to RACF for z/OS 1.2, RACF groups were limited to 5,957 connected userids. For many sites using RACF, this is not an onerous restriction however, for some sites, this restriction may present a real problem.

With RACF for z/OS 1.2, IBM introduced RACF UNIVERSAL groups. The benefit of a RACF UNIVERSAL group is that it can have an unlimited number of AUTH(USE) userids connected to it providing those userids don't have GROUP-AUDITOR, GROUP-OPERATIONS, and/or GROUP-SPECIAL authority. The drawback of RACF UNIVERSAL groups is, since there is no group connect information maintained for AUTH(USE) connected userids, there is no easy way to obtain a list of all the userids connected to a UNIVERSAL group. Another drawback is, with standard RACF commands, there is no way to convert a standard RACF group to a UNIVERSAL group or vice versa. Under normal operation, a group must be defined as being a UNIVERSAL group when the group is created.

With a good understanding of RACF groups and userids and the associated connections, it is possible to use available tools to convert RACF groups in place. If you feel that your organization could benefit from using RACF UNIVERSAL groups and you currently have standard RACF groups that you would like to convert to UNIVERSAL groups without having to do a painstaking collection of RACF information prior to locking your RACF environment down in advance of a conversion, contact ESS to discuss options.
Title:  Preserving Stranded Mainframe Data Author:
 Brian Hoyte
 Apr 17th, 2008
Title:  Decommissioning you say? Author:
 Bill Vickers
 Jan 5th, 2008
Copyright © 1996. Expanded Systems Services Ltd. All rights reserved.

Home - About Us - Consulting - Education - Development - Contact Us - Articles - Blog