Is there any way I can authorize a GROUP in the RLINK command that is not default group but only a connected group?

Document ID : KB000011348
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Is there any way I can authorize a GROUP in the RLINK command that is not default group but only a connected group?

Answer:

Due to security policies all personal userids at our shop get the same group and I am looking for a way to authorize the 25 operational userids need a RCMVS console with AUTH=ALL without having to specify all the 25 userids in the RCSCMNDS member.

The users are connected with a normal RACF group connect into a group that is specific for their department:

CONNECT uid GROUP(group) and this is the group that needs to use RCMVS.

The default groups of the users however a group for the entire organization is and cannot be permitted to use RCMVS.

Sample:

This is an older and outmoded method of doing things. Most MVS/JES commands are restricted by the security package.

If you specify in your RCSINIT statements:

SECTOKEN=YES, and have SECURITY=TSS or RACF or ACF2, then only one RLINK is needed.

RLINK USER(ALL) AUTH(ALL)

The commands issued by individual users will carry with them the individual users identification for the security system to use to allow/disallow individual commands.

As far as CA Remote Console picking up secondary groups it does not currently do so. It simply copies the ACEEGRPN (which is the users default group).