To access OMVS (Unix System Services), it requires DFLTGRP defined for a user. What does DFLTGRP do in OMVS?
An ACID can have multiple GROUPs on it. The DFLTGRP selects which GROUP should be used in OMVS when a specific GROUP is not specified at signon time. When a user signs on to CA ROSCOE, TSO, CICS, etc, on the signon screen is a field where a group can be entered. (For example, in CA ROSCOE, the field is 'GROUP CODE'. In TSO, it is 'Group Ident ===>'.) If the user does not enter a group in this field, when the user signs on the DFLTGRP is assigned. If the user then enters OMVS, it will use this group.. The group specified in the DFLTGRP field must be one of the groups in the GROUP list on the acid.
Part of the native Unix System Security uses the user's group. The DFLTGRP is indirectly used in OMVS to specify which group the user is using when the user enters OMVS if the user did not specify a GROUP at signon time. Specific questions on how native Unix System Security works should be directed to IBM. CA Top Secret is just a repository for the OMVS fields (UID, GROUP, DFLTGRP, HOME, OMVSPGM).
NOTE: If an ACID does not have any OMVS fields (UID, GROUP, DFLTGRP, HOME, OMVSPGM) and the OMVSUSR and OMVSGRP control options are defined in CA Top Secret, the ACID will pick up the OMVS fields, including the DFLTGRP, from these as long as the ACID does not have the NOOMVSDF attribute on it.
Please see the CA Top Secret Command Functions Guide for more information on the DLFTGRP.