ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Is there is limit on the number of OMVS Groups that a user is connected to within OMVS and as it related to the login?


Article ID: 14674


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit


Is there is limit on the number of OMVS Groups that a user is connected to within OMVS and as it related to the login?


Component: ACF2MS


According to IBM documentation there is a z/OS UNIX limit of groups to which a used is associated with the processor or user in z/OS UNIX.

"RACF allows you to define and connect a user to more than 300 groups, but when a process is created or z/OS UNIX group information is requested, only up to the first 300 z/OS UNIX groups are associated with the process or user. The first 300 z/OS UNIX groups that have GIDs to which a user is connected are used by z/OS UNIX. LISTUSER displays the groups in the order that RACF examines them when determining which of the user's groups are z/OS UNIX groups" 

ACF2 allows for the specification of a Default GROUP in each user's logonid record in addition to Supplemental Groups: 

Under z/OS UNIX System Services and CA ACF2 , a user is a member of the group defined in the GROUP field of his logonid, and a member of any other group that he has access to through a resource rule. These groups are called supplemental groups and a list of the allowed groups is built for each signon. When group access checks are performed for HFS file access, CA ACF2 compares the GID of the file to the GID of the group defined in the logonid. If those GIDs do not match, CA ACF2 checks to see if the file's GID matches the GID of any of the supplemental groups. If it matches, then CA ACF2 uses the GROUP permissions to determine the user's access to the file. 

The UNIXOPTS GSO record NGROUPS parameter sets the maximum size of the supplemental group list created for each signon. The number of entries is set within the range of 0 through 8192 with 300 being the default. 

Note that the ACF2 NGROUPS Default matches the z/OS UNIX limitation for the number of GROUPS.