ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How a user can be a member of two or more OMVS group?

book

Article ID: 40642

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

Setting up a user to be part of multiple OMVS group.
How a user can be a member of two or more OMVS groups?

 

 

Environment

CA ACF2 for Z/OS Release 16

 

Resolution

This can be done by letting users access the groups through the supplemental group facility, writing TGR resource rules that grant access to the specified groups.

To grant a user access to a supplemental group, you must create a TYPE(TGR) resource rule. The $KEY of the rule identifies the one- to eight-character group name. This field is maskable. The following is an example of a resource rule that grants access to group OMVSGRP to users in usera and userb.

$KEY(OMVSGRP) TYPE(TGR)
UID(UID string for usera) ALLOW
UID(UID string for userb) ALLOW

For performance reasons, it is recommended that the TGR rules be resident, this can be done by creating an entry for the TGR type code in the GSO INFODIR record and rebuild the resident directory.

SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RTGR)
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(TGR),CLASS(R)

 

Additional Information

 For more information refer to CA ACF2 for Z/os Admin Guide r15, Chapter 22: z/OS UNIX System Services Support.