On Wed, Mar 9, 2011 at 7:30 PM, Kris Buelens <kris.buel...@gmail.com> wrote:
> At my former customer, we created several RACF groups.  To name a few:
>   LBSYST to control LOGONBY to various users by system programmers
>   LBOPER for the operators' group
>   SYSALL to permit the system programmers to link to most MDISKs

Right. Those with exposure to RACF in real life have learned that
you grant access to groups rather than users. Somehow our requirements
are not as unique as we may think, and using groups cuts down the
administrative effort. A good reason is that we don't have an easy way
to list the profiles where the user is on the access list.  You do
need to enable the GRPLIST option (which isn't enabled by default, iirc).

You should also look into RACFVARS to combine related service virtual
machines and use a single LOGONBY profile for them:
  RDEF RACFVARS &LNX ADDMEM(LINUX01, LINUX02, LINUX03)
  RDEF SURR LOGONBY.&LNX
  PE LOGONBY.&LNX CL(SURR) ID(ADMINS SYSPROGS) ACCESS(READ)
Now when you define a new Linux guest, you only have to add it to the
&LNX profile.

Rob
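
Added example, not part of the original post: a CMS REXX exec for the "add it to the &LNX profile" step described above. It assumes the exec is run by a RACF administrator through the RAC command, that the RACFVARS class is active and RACLISTed, and that &LNX was defined as shown in the post; the exec name ADDLNX and the guest LINUX04 are constructed.

```rexx
/* ADDLNX EXEC: added example, not from the original post.           */
/* Assumptions: run from CMS by a RACF administrator, RACFVARS is    */
/* active and RACLISTed, and &LNX already exists as defined above.   */
/* LINUX04 in the usage line is a constructed guest name.            */
/* Usage: ADDLNX LINUX04                                             */
parse upper arg guest .

/* Reject empty, over-long or non-alphanumeric input before it is    */
/* placed into a RACF command string.                                */
if guest = '' | length(guest) > 8 | datatype(guest, 'A') = 0 then do
  say 'Usage: ADDLNX userid   (1-8 alphanumeric characters)'
  exit 8
end

/* Add the new guest to the variable that LOGONBY.&LNX refers to.    */
'RAC RALTER RACFVARS &LNX ADDMEM('guest')'
if rc <> 0 then do
  say 'RALTER failed, rc='rc
  exit rc
end

/* Refresh the in-storage RACFVARS profiles so the change is used.   */
'RAC SETROPTS RACLIST(RACFVARS) REFRESH'
if rc <> 0 then do
  say 'SETROPTS refresh failed, rc='rc
  exit rc
end

/* List the variable so the new member list can be reviewed.         */
'RAC RLIST RACFVARS &LNX ALL'
exit rc
```

The LOGONBY.&LNX profile and its access list are not touched, so the new guest gets the same surrogate permissions as the existing members.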
