The following chart summarizes the attributes and authorities that can be assigned, and the RACF commands and operands that can be issued for each authority. The chart is divided into four types of authorities: user attributes, group authorities, access authorities, and miscellaneous authorities (ownership requirements and userid requirements).
The authorities required to issue each command are listed in the section "RACF Requirements" that appears with each command in this publication.
Basic Information for Using RACF Commands 11
User Attributes
    Commands and Operands You Can Issue

SPECIAL or group-SPECIAL
    ADDGROUP with all operands
    ADDSD with all operands
    ADDUSER with all operands
    ALTDSD with all operands except GLOBALAUDIT
    ALTGROUP with all operands
    ALTUSER with all operands except UAUDIT/NOUAUDIT
    CONNECT with all operands
    DELDSD with all operands
    DELGROUP with all operands
    DELUSER with all operands
    LISTDSD with all operands
    LISTGRP with all operands
    LISTUSER with all operands
    PASSWORD with all operands
    PERMIT with all operands
    RALTER with all operands except GLOBALAUDIT
    RDEFINE with all operands
    RDELETE with all operands
    REMOVE with all operands
    RLIST with all operands
    SEARCH with all operands
    SETROPTS with all operands except AUDIT/NOAUDIT/SAUDIT/NOSAUDIT/CMDVIOL/NOCMDVIOL, which require the AUDITOR attribute. A user with the group-SPECIAL attribute can issue only REFRESH and LIST.

AUDITOR or group-AUDITOR
    ALTDSD only with GLOBALAUDIT
    ALTUSER only with UAUDIT/NOUAUDIT
    LISTDSD with all operands, lists GLOBALAUDIT option
    LISTUSER with all operands, lists UAUDIT/NOUAUDIT operand
    RALTER only with GLOBALAUDIT
    RLIST with all operands, lists GLOBALAUDIT option
    SETROPTS only with AUDIT/NOAUDIT/SAUDIT/NOSAUDIT/CMDVIOL/NOCMDVIOL/LIST, which require the AUDITOR attribute
Figure 2 (Part 1 of 5). Summary of Authorities and Commands
12 RACF Command Language Reference
User Attributes
    Commands and Operands You Can Issue

OPERATIONS or group-OPERATIONS
    SEARCH with all operands
    SETROPTS only with REFRESH

CLAUTH
    ADDUSER¹ with all operands except OPERATIONS/NOOPERATIONS/SPECIAL/NOSPECIAL/AUDITOR/NOAUDITOR
    ALTUSER² only with CLAUTH/NOCLAUTH
    RALTER³ only with ADDVOL
    RDEFINE⁴ with all operands
    SETROPTS only with REFRESH

GRPACC, ADSP, REVOKE
    none

¹ applies when you have the CLAUTH attribute of USER and you either are the owner of, have JOIN authority in the default group specified in the command, or the profile is within the scope of a group in which you have the group-SPECIAL attribute.
² applies when you have the CLAUTH attribute for the class to be added/deleted, you are the owner of the user's profile, or the profile is within the scope of a group in which you have the group-SPECIAL attribute.
³ applies when you have the CLAUTH attribute of TAPEVOL and you also have sufficient authority to issue the command.
⁴ applies when you have the CLAUTH attribute of DASDVOL, TAPEVOL, or TERMINAL, and applies to the specific class.
Figure 2 (Part 2 of 5). Summary of Authorities and Commands
Group Authorities
    Commands and Operands You Can Issue

USE
    none

CREATE
    ADDSD¹ with all operands except NOSET

CONNECT
    ADDSD¹ with all operands except NOSET
    ALTUSER only with GROUP/AUTHORITY/UACC
    CONNECT with all operands except SPECIAL/NOSPECIAL/OPERATIONS/NOOPERATIONS/AUDITOR/NOAUDITOR
    LISTGRP with all operands
    REMOVE with all operands

JOIN
    ADDGROUP² with all operands
    ADDSD¹ with all operands except NOSET
    ADDUSER³ with all operands except OPERATIONS/SPECIAL/AUDITOR
    ALTGROUP⁴ with all operands except OWNER
    ALTUSER only with GROUP/AUTHORITY/UACC
    CONNECT with all operands except SPECIAL/NOSPECIAL/OPERATIONS/NOOPERATIONS
    DELGROUP² with all operands
    LISTGRP only with (group-name ...)
    REMOVE with all operands

¹ applies to group data sets.
² applies to superior group.
³ applies to default group specified in command and only if you have the CLAUTH attribute of USER.
⁴ applies to current and new superior groups. You may have JOIN authority in one group and be owner of or be connected with the group-SPECIAL attribute to another group.
Figure 2 (Part 3 of 5). Summary of Authorities and Commands
Access Authorities
    Commands and Operands You Can Issue

NONE
    none

READ
    LISTDSD with all operands except AUTHUSER
    RLIST with all operands except AUTHUSER
    SEARCH with all operands

UPDATE
    LISTDSD with all operands except AUTHUSER
    RLIST with all operands except AUTHUSER
    SEARCH with all operands

CONTROL
    LISTDSD with all operands except AUTHUSER
    RLIST with all operands except AUTHUSER
    SEARCH with all operands

ALTER
    ALTDSD¹ with all operands except OWNER/NOSET/GLOBALAUDIT
    DELDSD¹ with all operands except NOSET
    LISTDSD with all operands
    PERMIT¹ with all operands
    RALTER² with all operands except OWNER/ADDVOL/GLOBALAUDIT
    RDELETE¹ with all operands
    RLIST¹ with all operands
    SEARCH with all operands

¹ applies to discrete profiles only.
² applies to ADDVOL operand only if you also have CLAUTH attribute for TAPEVOL.
Figure 2 (Part 4 of 5). Summary of Authorities and Commands
Miscellaneous Authorities
    Commands and Operands You Can Issue

Owner of user profile
    ALTUSER¹ only with userid/NAME/OWNER/DFLTGRP/DATA/GRPACC/NOGRPACC/ADSP/NOADSP/REVOKE/RESUME/PASSWORD/NOPASSWORD/OIDCARD/NOOIDCARD/CLAUTH/NOCLAUTH
    DELUSER with all operands
    LISTUSER with all operands
    PASSWORD only with USER

Owner of group profile
    ADDGROUP² with all operands
    ADDUSER³ with all operands except OPERATIONS/SPECIAL/AUDITOR
    ALTGROUP⁴ with all operands
    ALTUSER only with GROUP/AUTHORITY/UACC
    CONNECT with all operands except SPECIAL/NOSPECIAL/OPERATIONS/NOOPERATIONS
    DELGROUP⁵ with all operands
    LISTGRP with all operands
    REMOVE with all operands

Owner of resource profile
    ALTDSD with all operands except NOSET/GLOBALAUDIT
    DELDSD with all operands except NOSET
    LISTDSD with all operands
    PERMIT with all operands
    RALTER⁶ with all operands except GLOBALAUDIT
    RDELETE with all operands
    RLIST with all operands
    SEARCH with all operands

Userid is current user
    ALTUSER only with NAME/DFLTGRP
    LISTUSER only with userid
    PASSWORD only with PASSWORD/INTERVAL

Userid is first-level qualifier of data set name (or qualifier supplied by a command installation exit)
    ADDSD with all operands
    ALTDSD with all operands except OWNER/GLOBALAUDIT
    DELDSD with all operands
    LISTDSD with all operands
    PERMIT with all operands
    SEARCH with all operands

None
    RVARY⁷ with all operands

¹ applies to CLAUTH/NOCLAUTH only if you have the CLAUTH attribute for the class to be added/deleted.
² applies to superior group.
³ applies to default group specified in the command and only if you have the CLAUTH attribute of USER.
⁴ applies to current and new superior groups. You may have JOIN authority in one group and be owner of another group.
⁵ applies to superior group or group to be deleted.
⁶ applies to ADDVOL operand only when you also have CLAUTH attribute of TAPEVOL.
⁷ although no special authority is needed to issue the command, the security operator must approve the change of RACF status to active or inactive before the command is allowed to complete.
Figure 2 (Part 5 of 5). Summary of Authorities and Commands