Release : 16.0

Component : ACF2 for z/OS

How SDSF determines Group membership as well as the ACF2 equivalents to the TSOAUTH authorities.

SDSF determines who belongs to a group on the basis of procedure name, terminal name, user ID, and TSO authority. 

SDSF Groups can be defined in two ways:
ISFPARMS uses the GROUP statement.
Assembler macros use the ISFGRP macro.

When a user logs on to TSO their SDSF group assigned is based on the ISFPARM Group definitions that match their ACF2 LOGONID Fields.

SDSF Group membership parameters and ACF2 corresponding LOGONID Fields. 

ISFPARM Group       ACF2 LOGONID Field      Description
ITNAME (NTBL-name)  ACC-SRCE(source) ***    Includes users by terminal name. *
ILPROC (NTBL-name)  TSOPROC(procname) ***   Includes users by logon procedure. *
IUID (NTBL-name)    LOGONID                 Includes users by user ID. *
TSOAUTH (JCL)       JCL                     TSO authority JCL **
TSOAUTH (MOUNT)     MOUNT                   TSO authority MOUNT **
TSOAUTH (OPER)      OPERATOR                TSO authority OPER **
TSOAUTH (ACCT)      ACCTPRIV                TSO authority ACCT **

Notes
*   The ILPROC, ITNAME, and IUID parameters include members. If you use more than one of
     these to define a group, a user must meet the requirements of all of them in order to qualify for
     inclusion in the group.
**  The TSO authorities work together in a logical “AND” process.
*** The source and procname may be changed at TSO system entry based on ACF2 security configuration.