How a user can be a member of two or more OMVS group?

book

Article ID: 40642

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Setting up a user to be part of multiple OMVS group.
How a user can be a member of two or more OMVS groups?

 

 

Environment

CA ACF2 for Z/OS Release 16

 

Resolution

This can be done by letting users access the groups through the supplemental group facility, writing TGR resource rules that grant access to the specified groups.

To grant a user access to a supplemental group, you must create a TYPE(TGR) resource rule. The $KEY of the rule identifies the one- to eight-character group name. This field is maskable. The following is an example of a resource rule that grants access to group OMVSGRP to users in usera and userb.

$KEY(OMVSGRP) TYPE(TGR)
UID(UID string for usera) ALLOW
UID(UID string for userb) ALLOW

For performance reasons, it is recommended that the TGR rules be resident, this can be done by creating an entry for the TGR type code in the GSO INFODIR record and rebuild the resident directory.

SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RTGR)
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(TGR),CLASS(R)

 

Additional Information

 For more information refer to CA ACF2 for Z/os Admin Guide r15, Chapter 22: z/OS UNIX System Services Support.