The RACF segment
You identify a RACF® user by an alphanumeric userid, which RACF associates with the user profile for that user.
userthat you define to RACF need not be a person, such as a CICS® terminal user. For example, in the CICS environment, a RACF userid can be associated with the procedure you use to start CICS as a started task; and a userid can be associated with a CICS terminal (for the purpose of preset security). The following list shows some of the basic segment information that RACF holds for a user:
- Keyword
- Description
- USERID
- The user's userid
- NAME
- The user's name
- OWNER
- The owner of the user's profile—the RACF administrator or other user authorized by the administrator, or a RACF group
- DFLTGRP
- The default group that the user belongs to
- AUTHORITY
- The user's authority in the default group
- PASSWORD
- The user's password
You define the RACF segment of a user profile using the ADDUSER command, or the RACF ISPF panels. When planning RACF segments of user profiles for CICS users, identify the groups that you want them to be in. Start by identifying RACF administrative units for the users. For example, you could consider all users who have the same manager, or all users within an order entry function, an administrative unit. RACF handles these units as groups of individual users who have similar requirements for access to CICS system resources.
For an overview of the steps required to add users to the system, see the z/OS Security Server RACF Security Administrator's Guide.