Security

Converting To & From RACF Universal Groups

5 Pages

Similarly, if you need to convert a UNIVERSAL group to a standard group, there’s no ALTGROUP command option for that, either. Using RACF commands and utilities, you’d need to do the following:

• Invoke the LISTGRP command to obtain a list of the non-AUTH(USE) connected members and all connected members that have GROUPAUDITOR, GROUP-OPERATIONS, and/or GROUP-SPECIAL.

• List the defined groups and userids to collect the group connect information. This is necessary because this list will contain information about all members connected to the UNIVERSAL group, not just the non-AUTH(USE) connected members or the connected members with GROUP-AUDITOR, GROUP-OPERATIONS, or GROUPSPECIAL.

• Parse the aforementioned lists and build REMOVE commands for each connected member.

• Parse the aforementioned lists and build appropriate CONNECT commands (capture the AUTH indicator and any GROUP-ADSP, GROUPAUDITOR, GROUP-OPERATIONS, or GROUP-SPECIAL indications).

• Determine if the group in question is a candidate to be converted to a standard RACF group. If there are more than 5,957 connected members, the group in question isn’t a candidate to be converted to a standard RACF group. If the group in question is a viable candidate to convert to a standard RACF group, you could continue with the following steps. Otherwise, the conversion effort would need to stop here and you should re-evaluate the plan.

• Determine if any of the connected members have the group in question as their default group.

• Temporarily reassign members who have the group in question as their default group to a different default group.

• REMOVE all the connected members from the group in question.

• Delete the group in question.

5 Pages