| User Attributes | |||||
|---|---|---|---|---|---|
| Attribute Name | Description | Modifiable | Segment | Boolean Attribute | Multi-Value Attribute |
| BASE_ADSP | All permanent tape and DASD data sets created by user are automatically RACF-protected by discrete profiles. | Yes | No | Yes | No |
| BASE_AUDITOR | Indicates user has full responsibility for auditing the use of system resources, and is able to control the logging of detected accesses to any RACF-protected resources during RACF authorization checking and accesses to the RACF database. | Yes | No | Yes | No |
| BASE_CATEGORY | Name(s) of installation-defined security categories, which must be defined as members of the CATEGORY profile in the SECDATA class. | Yes | No | No | Yes |
| BASE_CLAUTH | Classes in which user is allowed to define profiles to RACF for protection. Classes can be USER, and any resource classes defined in the class descriptor table. | Yes | No | No | Yes |
| BASE_CREATED | The date this user was defined to RACF. | No | No | No | No |
| BASE_DATA | Up to 255 characters of installation-defined data. | Yes | No | No | No |
| BASE_DAYS | Days of week user is allowed access system from a terminal - Allowed values: ANYDAY, WEEKDAYS, SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY. | Yes | No | No | Yes |
| BASE_DFLTGRP | Name of RACF group which is the default group for user. | Yes | No | No | No |
| BASE_GRPACC | Indicates that any group data sets protected by DATASET profiles defined by this user are automatically accessible to other users in the group. | Yes | No | Yes | No |
| BASE_LAST-ACCESS | The date and time the user last entered the system. | No | No | No | No |
| BASE_MODEL | Name of discrete data set profile used as model when new data set profiles are created that have this userid as the high-level qualifier. | Yes | No | No | No |
| BASE_NAME | User's name - a name associated with userid - maximum of 20 characters. | Yes | No | No | No |
| BASE_OPERATIONS | User has OPERATIONS segment. | Yes | No | Yes | No |
| BASE_OWNER | RACF userid or groupname of owner of this userid. | Yes | No | No | No |
| BASE_PASS-INTERVAL | The password change interval (in number of days). | No | No | No | No |
| BASE_PASSDATE | The date the user's password was last updated. | No | No | No | No |
| BASE_PASSWORD | When setting, value is new password. When getting, simply indicates if user has password or is restricted userid (no password). | Yes | No | No | No |
| BASE_PASSWORD_ENV | User's password, encrypted in PKCS#7 envelope. Only returned if password enveloping has been set up and userid that authenticated in RACF_SecAdmin constructor has digital certificate on IRR.PWENV.KEYRING keyring. | No | No | No | No |
| BASE_PHRASE | The user's pass phrase. A text string of 14-100 characters. | Yes | No | No | No |
| BASE_PHRASE_CHANGE_DATE | Date user's pass phrase was last changed. | No | No | No | No |
| BASE_RESTRICTED | Indicates global access checking is bypassed when resource access checking is performed for this user, and neither ID(*) on the access list nor the UACC will allow access. | Yes | No | Yes | No |
| BASE_RESUME | Date when RACF will resume allowing the user access to the system. Date in format mm/dd/yy. | Yes | No | No | No |
| BASE_REVOKE | Date when RACF will stop allowing the user access to the system. Date in format mm/dd/yy. | Yes | No | No | No |
| BASE_REVOKED | User's access to the system is currently revoked. | No | No | Yes | No |
| BASE_SECLABEL | Installation-defined security label which is user's default security label. | Yes | No | No | No |
| BASE_SECLEVEL | User's security level, where seclevel-name is an installation-defined name that must be a member of the SECLEVEL profile in the SECDATA class. | Yes | No | No | No |
| BASE_SPECIAL | Indicates user is allowed to issue all RACF commands with all operands except operands that require AUDITOR attribute. | Yes | No | Yes | No |
| BASE_TIME | Time of day user is allowed access system from a terminal. Format is start-time:end-time and each time's format is hhmm, where hh is the hour (00-23) and mm is the minutes (00-59). But 0000 is not a valid time value. If start-time is greater than end-time, interval spans midnight. | Yes | No | No | No |
| BASE_UAUDIT | Indicates RACF is to log all RACROUTE REQUEST=AUTH and RACROUTE REQUEST=FASTAUTH services eligible for logging, and all RACROUTE REQUEST=DEFINE services issued for the user, and all RACF commands (except SEARCH, LISTDSD, LISTGRP, LISTUSER, and RLIST) issued by user. | Yes | No | Yes | No |
| BASE_USERID | Userid | No | No | No | No |
| CICS | User has CICS segment. | Yes | Yes | Yes | No |
| CICS_OPCLASS | Numbers 1-24, representing classes assigned to this operator to which BMS (basic mapping support) messages are to be routed. | Yes | No | No | Yes |
| CICS_OPIDENT | A 1-3 character identification of the operator for use by BMS. | Yes | No | No | No |
| CICS_OPPRTY | Number from 0-255 that represents the priority of the operator. | Yes | No | No | No |
| CICS_RSLKEY | Specifies the resource security level (RSL) keys assigned to the user. Numbers from 1 - 24 or 0 (meaning no RSL keys are assigned to the user) or 99 (meaning 1 through 24 are assigned to the user). | Yes | No | No | Yes |
| CICS_TIMEOUT | Time, in hours and minutes, that the operator is allowed to be idle before being signed off. The value for TIMEOUT can be entered in the form m, mm, hmm, or hhmm, where the value for m or mm is 00-59, or 00-60 if h or hh is not specified or is specified as 0 or 00. | Yes | No | No | No |
| CICS_TSLKEY | Specifies the transaction security level (TSL) keys assigned to the user. Numbers from 1 - 64 or 0 (meaning no TSL keys are assigned to the user) or 99 (meaning 1 through 64 are assigned to the user). | Yes | No | No | Yes |
| CICS_XRFSOFF | Indicates whether the user is signed off by CICS when an XRF takeover occur. Valid values 'FORCE', 'NOFORCE'. | Yes | No | No | No |
| DCE | User has DCE segment. | Yes | Yes | Yes | No |
| DCE_AUTOLOGIN | Indicates z/OS UNIX DCE is to log this user into z/OS UNIX DCE automatically. | Yes | No | Yes | No |
| DCE_DCENAME | The DCE principal name defined for this RACF user in the DCE registry. 1 - 1023 characters. | Yes | No | No | No |
| DCE_HOMECELL | The DCE cell name defined for this RACF user. 1 - 1023 characters. RACF checks that the HOMECELL name entered has a prefix of either /.../ or /.:/ | Yes | No | No | No |
| DCE_HOMEUUID | The DCE universal unique identifier (UUID) for the cell that this user is defined to. The UUID is a 36-character string that consists of numeric and hexadecimal characters. This string must have the delimiter character (-) in positions 9, 14, 19, and 24. The general format for the UUID string is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, in which x represents a valid numeric or hexadecimal character. | Yes | No | No | No |
| DCE_UUID | The DCE universal unique identifier (UUID) of the DCE principal defined in DCENAME. The UUID is a 36-character string that consists of numeric and hexadecimal characters. This string must have the delimiter character (-) in positions 9, 14, 19, and 24. The general format for the UUID string is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, in which x represents a valid numeric or hexadecimal character. | Yes | No | No | No |
| DFP | User has DFP segment. | Yes | Yes | Yes | No |
| DFP_DATAAPPL | An 8-character DFP data application identifier. | Yes | No | No | No |
| DFP_DATACLAS | The default data class. 1-8 characters. | Yes | No | No | No |
| DFP_MGMTCLAS | The default management class. 1-8 characters. | Yes | No | No | No |
| DFP_STORCLAS | The default storage class. 1-8 characters. | Yes | No | No | No |
| EIM | User has EIM segment. | Yes | Yes | Yes | No |
| EIM_LDAPPROF | Name of a profile in the LDAPBIND class. The profile in the LDAPBIND class contains the name of an EIM domain and the bind information required to establish a connection with the EIM domain. 1-246 characters. | Yes | No | No | No |
| KERB | User has KERB segment. | Yes | Yes | Yes | No |
| KERB_ENCRYPT | ENCRYPT values are used to specify which keys are allowed for use based on the encryption algorithm used to generate them. Default values will be provided for any values not specified. Examples: 'DES','DES3' and 'DESD'. | Yes | No | No | Yes |
| KERB_KERBNAME | User's local kerberos-principal-name, may contain any characters except '@'. Must not be qualified with a realm name. However, RACF verifies that the local principal name, when fully qualified with the name of the local realm: '/.../local_realm_name/principal_name' does not exceed 240 characters. | Yes | No | No | No |
| KERB_KEYVERSION | Current Network Authentication Service key version. | No | No | No | No |
| KERB_MAXTKTLFE | The max-ticket-life in seconds, and is represented by a numeric value between 1 and 2147483647. | Yes | No | No | No |
| LANGUAGE | User has LANGUAGE segment. | Yes | Yes | Yes | No |
| LANGUAGE_PRIMARY | User's primary language. Specified as either an installation-defined name of a currently active language (maximum of 24 characters) or one of the language codes (three characters in length) for a language installed on your system. | Yes | No | No | No |
| LANGUAGE_SECONDARY | User's secondary language. Specified as either an installation-defined name of a currently active language (maximum of 24 characters) or one of the language codes (three characters in length) for a language installed on your system. | Yes | No | No | No |
| LNOTES | User has LNOTES segment. | Yes | Yes | Yes | No |
| LNOTES_SNAME | Lotus Notes for z/OS short-name of the user. 1-64 characters, consisting of alphanumeric characters or '&', '-', '.', '_', and a blank. | Yes | No | No | No |
| NDS | User has NDS segment. | Yes | Yes | Yes | No |
| NDS_UNAME | Novell Directory Services for OS/390 user-name of the user. 1-246 characters excluding the following characters: '*', '+', '|', '=', ',', '"', '`', '/', ':', ';', '¢', '[', ']' | Yes | No | No | No |
| NETVIEW | User has NETVIEW segment. | Yes | Yes | Yes | No |
| NETVIEW_CONSNAME | Specifies the default master console station (MCS) console name used for this operator. 1 - 8 character name. | Yes | No | No | No |
| NETVIEW_CTL | Indicates whether a security check is performed for this NetView operator when they try to use a span or try to do a cross-domain logon. Allowed values 'GENERAL','GLOBAL' or 'SPECIFIC'. | Yes | No | No | No |
| NETVIEW_DOMAINS | Specifies the identifiers of NetView programs in another NetView domain where this operator can start a cross-domain session. Each identifier is 1-5 characters, with valid characters being 0-9, A-Z, #, $, or @. | Yes | No | No | Yes |
| NETVIEW_IC | The command or command list (up to 255 characters) to be processed by NetView for this operator when this operator logs on to NetView. | Yes | No | No | No |
| NETVIEW_MSGRECVR | Indicates this operator is to receive unsolicited messages that are not routed to a specific NetView operator. | Yes | No | Yes | No |
| NETVIEW_NGMFADMN | Indicates a NetView operator has administrator authority to the NetView Graphic Monitor Facility (NGMF). | Yes | No | Yes | No |
| NETVIEW_OPCLASS | NetView scope classes for which the operator has authority. Each class is a number from 1 to 2040. | Yes | No | No | Yes |
| OMVS | User has OMVS segment. | Yes | Yes | Yes | No |
| OMVS_ASSIZEMAX | The RLIMIT_AS hard limit resource value (maximum address space region size) that processes receive when dubbed a process. Integer value between 10485760 and 2147483647. | Yes | No | No | No |
| OMVS_CPUTIMEMAX | The RLIMIT_CPU hard limit (maximum) resource value that user's z/OS UNIX processes receive when they are dubbed a process. Numeric value between 7 and 2147483647, indicates the cpu-time in seconds that a process is allowed to use. | Yes | No | No | No |
| OMVS_FILEPROCMAX | Maximum number of files this user is allowed to have concurrently active or open. Numeric value between 3 and 524287. | Yes | No | No | No |
| OMVS_HOME | User's z/OS UNIX initial directory pathname, 1-1023 characters. | Yes | No | No | No |
| OMVS_MEMLIMIT | Specifies the maximum number of bytes of nonshared memory that can be allocated by the user. The nonshared-memory-size you define to RACF is a numeric value between 0 and 16777215, followed by the letter M, G, or T. The M, G, or T letter indicates the multiplier to be used. (M=Megabyte, G Gigabyte, T=Terabyte, P=Petabyte). Maximum value is 16383P. | Yes | No | No | No |
| OMVS_MMAPAREAMAX | Maximum amount of data space storage, in pages, that can be allocated by the user for memory mappings of HFS files. Numeric value between 1 and 16,777,216. | Yes | No | No | No |
| OMVS_PROCUSERMAX | Maximum number of processes user is allowed to have active at the same time, regardless of how the process became a z/OS UNIX process. Numeric value between 3 and 32767. | Yes | No | No | No |
| OMVS_PROGRAM | Specifies the PROGRAM pathname (z/OS UNIX shell program). The first program started when TSO/E command OMVS is entered or when a batch job is started using the BPXBATCH program, 1-1023 characters. | Yes | No | No | No |
| OMVS_SHMEMMAX | The maximum number of bytes of shared memory that can be allocated by user. The shared-memory-size you define to RACF is a numeric value between 1 and 16,777,215, followed by the letter M, G, T, or P. The M, G, T, or P letter indicates the multiplier to be used. (M=Megabyte, G Gigabyte, T=Terabyte, P=Petabyte). Maximum value is 16383P. | Yes | No | No | No |
| OMVS_THREADSMAX | Maximum number of pthread_create threads, including those running, queued, and exited but not detached, that the user can have concurrently active. Numeric value between 0 and 100000. | Yes | No | No | No |
| OMVS_UID | The UID, numeric value between 0 and 2147483647. 'AUTOUID' value can be used when BPX.NEXT.USER profile is defined in the FACILITY class. SHARED value can be used when the SHARED.IDS profile in the UNIXPRIV class is defined. See z/OS Security Server RACF Security Administrator's Guide for details. | Yes | No | No | Yes |
| OPERPARM | User has OPERPARM segment. | Yes | Yes | Yes | No |
| OPERPARM_ALTGRP | The console group used in recovery. 1-8 characters, with valid characters being 0-9, A-Z, #, $, or @. | Yes | No | No | No |
| OPERPARM_AUTH | Authority this console has to issue operator commands. Valid values, 'MASTER', 'ALL', 'INFO' (these three cannot be combined with other values) and 'CONS', 'IO' and 'SYS'. See AlTER USER in z/OS Security Server RACF Command Language Reference for more detailed description. | Yes | No | No | Yes |
| OPERPARM_AUTO | Indicates the extended console can receive messages that have been automated by the Message Processing Facility (MPF) in the sysplex. | Yes | No | Yes | No |
| OPERPARM_CMDSYS | Indicates the system to which commands issued from this console are to be sent. 1-8 characters, with valid characters being A-Z, 0-9, @ (X'7C'), # (X'7B'), and $ (X'5B'). If * is specified, commands are processed on the local system where the console is attached. | Yes | No | No | No |
| OPERPARM_DOM | Indicates whether this console receives delete operator message (DOM) requests. Allowed values 'NORMAL','ALL','NONE'. | Yes | No | No | No |
| OPERPARM_HC | Indicates this console is to receive hardcopy messages. | Yes | No | Yes | No |
| OPERPARM_INTIDS | Indicates this console is to receive messages directed to console ID 0 (the internal console). | Yes | No | Yes | No |
| OPERPARM_KEY | A 1-8 byte character name that can be used to display information for all consoles with the specified key by using the MVS command DISPLAY CONSOLES,KEY. Valid characters are A-Z, 0-9, # (X'7B'), $ (X'5B'), or @ (X'7C'). | Yes | No | No | No |
| OPERPARM_LEVEL | Specifies the messages that this console is to receive. Can be a list of R, I, CE, E, IN, NB or ALL. If you specify ALL, you cannot specify R, I, CE, E, or IN. | Yes | No | No | Yes |
| OPERPARM_LOGCMDRESP | Indicates if command responses are to be logged. Value of 'SYSTEM' specifies that command responses are logged in the hardcopy log. Value of 'NO' specifies that command responses are not logged. | Yes | No | No | No |
| OPERPARM_MFORM | Specifies the format in which messages are displayed at the console. Can be a combination of J, M, S, T, and X. | Yes | No | No | Yes |
| OPERPARM_MIGID | Indicates a 1-byte migration ID is assigned to this console. | Yes | No | Yes | No |
| OPERPARM_MONITOR | Specifies which information should be displayed when jobs, TSO sessions, or data set status are being monitored. Allowed values, 'JOBNAMES' OR 'JOBNAMEST' (mutually exclusive), 'SESS' or 'SESST' (mutually exclusive) or 'STATUS'. See ALTUSER in z/OS Security Server RACF Command Language Reference for a more detailed description. | Yes | No | No | Yes |
| OPERPARM_MSCOPE | Specifies the systems from which this console can receive messages that are not directed to a specific console. Each system-name can be any combination of A-Z, 0-9, #, $, or @. A name of '*' indicates the system on which the console is currently active. | Yes | No | No | Yes |
| OPERPARM_ROUTCODE | Routing codes of messages this console is to receive. Valid values are 'ALL' or One or more routing codes or sequences of routing codes. The routing codes can be list of n and n1:n2, where n, n1, and n2 are integers 1-128, and n2 is greater than n1. | Yes | No | No | Yes |
| OPERPARM_STORAGE | Amount of storage in the TSO/E user's address space that can be used for message queuing to this console. Valid values are 1 - 2000. | Yes | No | No | No |
| OPERPARM_UD | Indicates that this console is to receive undelivered messages. | Yes | No | Yes | No |
| OPERPARM_UNKNIDS | Indicates this console is to receive messages directed to console ID 0 (the internal console). | Yes | No | Yes | No |
| OVM | User has OVM segment. | Yes | Yes | Yes | No |
| OVM_FSROOT | The pathname for the file system root. 1 - 1023 characters. | Yes | No | No | No |
| OVM_HOME | The initial directory pathname. 1 - 1023 characters. | Yes | No | No | No |
| OVM_PROGRAM | Specifies the PROGRAM pathname. 1 - 1023 characters. First program started when the OPENVM SHELL command is entered. | Yes | No | No | No |
| OVM_UID | OpenExtensions VM user identifier, UID. Numeric value between 0 and 2147483647. | Yes | No | No | Yes |
| PROXY | User has PROXY segment. | Yes | Yes | Yes | No |
| PROXY_BINDDN | The distinguished name (DN) which the z/OS LDAP Server will use when acting as a proxy on behalf of a requester. 1 - 1023 characters. | Yes | No | No | No |
| PROXY_BINDPW | Password which the z/OS LDAP Server will use when acting as a proxy on behalf of a requester. 1 - 128 characters. | Yes | No | No | No |
| PROXY_LDAPHOST | The URL of the LDAP server which the z/OS LDAP Server will contact when acting as a proxy on behalf of a requester. The URL should be in a format such as ldap://123.45.6:389 10-1023 characters. A valid URL must start with either ldap:// or ldaps:// and is not case-sensitive. | Yes | No | No | No |
| TSO | User has TSO segment. | Yes | Yes | Yes | No |
| TSO_ACCTNUM | User's default TSO account number when logging on through the TSO/E logon panel (1-39 characters). | Yes | No | No | No |
| TSO_COMMAND | Command to be run during TSO/E logon (1 - 80 characters). | Yes | No | No | No |
| TSO_DEST | Default destination to which the user can route dynamically allocated SYSOUT data sets. The specified value must be 1-7 alphanumeric characters, beginning with an alphabetic or national character. | Yes | No | No | No |
| TSO_HOLDCLASS | User's default hold class. The specified value must be 1 alphanumeric character, excluding national characters. | Yes | No | No | No |
| TSO_JOBCLASS | Specifies the user's default job class. The specified value must be 1 alphanumeric character, excluding national characters. | Yes | No | No | No |
| TSO_MAXSIZE | Maximum region size user can request at logon. Number of 1024-byte units of virtual storage that TSO can create for the user's private address space. Integer between 0 and 65535 (inclusive) if database is shared with any MVS systems, or 0 through 2096128 if not shared. | Yes | No | No | No |
| TSO_MSGCLASS | User's default message class. The specified value must be 1 alphanumeric character, excluding national characters. | Yes | No | No | No |
| TSO_PROC | Name of the user's default logon procedure when logging on through the TSO/E logon panel. The name must be 1-8 alphanumeric characters and begin with an alphabetic character. | Yes | No | No | No |
| TSO_SECLABEL | User's security label if the user specifies one on the TSO logon panel. | Yes | No | No | No |
| TSO_SIZE | Region size - number of 1024-byte units of virtual storage available in user's private address space at logon when user does not request a region size at logon. Integer between 0 and 65535 (inclusive) if database is shared with any MVS systems, or 0 through 2096128 if not shared. | Yes | No | No | No |
| TSO_SYSOUTCLASS | User's default SYSOUT class. The specified value must be 1 alphanumeric character, excluding national characters. | Yes | No | No | No |
| TSO_UNIT | Default name of a device or group of devices that a procedure uses for allocations. The specified value must be 1-8 alphanumeric characters. | Yes | No | No | No |
| TSO_USERDATA | Optional installation data, 4 characters where valid characters are 0 through 9 and A through F. | Yes | No | No | No |
| WORKATTR | User has WORKATTR segment. | Yes | Yes | Yes | No |
| WORKATTR_WAACCNT | An account number for APPC/MVS processing. 1 to 255 characters. | Yes | No | No | No |
| WORKATTR_WAADDR1 | Address Line 1 that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WAADDR2 | Address Line 2 that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WAADDR3 | Address Line 3 that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WAADDR4 | Address Line 4 that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WABLDG | Building that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WADEPT | Department that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WANAME | Name of the user that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
| WORKATTR_WAROOM | Room that SYSOUT information is to be delivered to. 1 to 60 characters. | Yes | No | No | No |
135 attributes total.
| Group Attributes | |||||
|---|---|---|---|---|---|
| Attribute Name | Description | Modifiable | Segment | Boolean Attribute | Multi-Value Attribute |
| BASE_CREATED | The date this group was defined to RACF. | No | No | No | No |
| BASE_DATA | Up to 255 characters of installation-defined data. | Yes | No | No | No |
| BASE_GROUPNAME | Name of the group. | No | No | No | No |
| BASE_MODEL | Name of a data set profile that RACF is to use as a model when new data set profiles are created that have groupname as the high-level qualifier. | Yes | No | No | No |
| BASE_OWNER | RACF userid or groupname of owner of this group. | Yes | No | No | No |
| BASE_SUBGROUPS | Groups which have this group as their superior group. | No | No | No | Yes |
| BASE_SUPGROUP | Name of the RACF-defined group which is the superior group for this group. | Yes | No | No | No |
| BASE_TERMUACC | Indicates during terminal authorization checking, RACF is to allow the use of the universal access authority for a terminal when it checks whether a user in the group is authorized to access a terminal. | Yes | No | Yes | No |
| BASE_UNIVERSAL | Specifies that this is a universal group that allows an effectively unlimited number of users to be connected to it for the purpose of resource access. | Yes | No | Yes | No |
| DFP | Group has DFP segment. | Yes | Yes | Yes | No |
| DFP_DATAAPPL | An 8-character DFP data application identifier. | Yes | No | No | No |
| DFP_DATACLAS | The default data class. 1-8 characters. | Yes | No | No | No |
| DFP_MGMTCLAS | The default management class. 1-8 characters. | Yes | No | No | No |
| DFP_STORCLAS | The default storage class. 1-8 characters. | Yes | No | No | No |
| OMVS | Group has OMVS segment. | Yes | Yes | Yes | No |
| OMVS_GID | The group id, GID, numeric value between 0 and 2147483647. 'AUTOGID' value can be used when BPX.NEXT.USER profile is defined in the FACILITY class. SHARED value can be used when the SHARED.IDS profile in the UNIXPRIV class is defined. See z/OS Security Server RACF Security Administrator's Guide for details. | Yes | No | No | Yes |
| OVM | Group has OVM segment. | Yes | Yes | Yes | No |
| OVM_GID | OpenExtensions VM group identifier. The GID is a numeric value between 0 and 2147483647. | Yes | No | No | No |
18 attributes total.
| Membership Attributes | |||||
|---|---|---|---|---|---|
| Attribute Name | Description | Modifiable | Segment | Boolean Attribute | Multi-Value Attribute |
| BASE_ADSP | Indicates when user is connected to this group, all permanent tape and DASD data sets created by the user is RACF-protected by discrete profiles. | Yes | No | Yes | No |
| BASE_AUDITOR | Indicates the user is to have the group-AUDITOR attribute when connected to this group. | Yes | No | Yes | No |
| BASE_AUTHORITY | Specifies the level of authority the user is to have in the group. The valid group authority values are 'USE', 'CREATE', 'CONNECT', and 'JOIN'. | Yes, Not Deletable | No | No | No |
| BASE_CONNECT-DATE | Date user was added to group. | No | No | No | No |
| BASE_CONNECTS | Number of times the user has entered the system with this group as the current connect group. | No | No | No | No |
| BASE_GRPACC | Indicates when the user is connected to this group, any group data sets defined by the user are automatically accessible to other users in the group. | Yes | No | Yes | No |
| BASE_LAST-CONNECT | Date user last entered the system using this group as the current connect group. | No | No | No | No |
| BASE_OPERATIONS | Indicates user is to have the group-OPERATIONS attribute when connected to this group. The group-OPERATIONS user has authorization to do maintenance operations on all RACF-protected DASD data sets, tape volumes, and DASD volumes within the scope of the group unless the access list for a resource specifically limits the OPERATIONS user to an access authority that is less than the operation requires. | Yes | No | Yes | No |
| BASE_OWNER | RACF-defined user or group to be assigned as the owner of the membership (connect profile). Defaults to the user who added user to group. | Yes, Not Deletable | No | No | No |
| BASE_RESUME | Date when user's membership in the group will be restored or resumed. | Yes | No | No | No |
| BASE_REVOKE | Date when user's membership in the group will be revoked. | Yes | No | No | No |
| BASE_REVOKED | User's membership to the group is currently revoked. | No | No | Yes | No |
| BASE_SPECIAL | User is to have the group-SPECIAL attribute when connected to this group. | Yes | No | Yes | No |
| BASE_UACC | Default value for the universal access authority for new resource profiles the user defines while connected to the group. Valid values are: ALTER, CONTROL, UPDATE, READ, and NONE. | Yes | No | No | No |
14 attributes total.