View previous topic :: View next topic
|
Author |
Message |
ruodeer
New User
Joined: 06 Jul 2007 Posts: 58 Location: home
|
|
|
|
Hi all, could some friends here tell me what SUPGROUP is?
assume GROUP1's SUPGROUP is SYS1, can we say GROUP1 will have all the privileges of SYS1?and what's the difference between OWNER and SUPGROUP ? thanks you all in advance. |
|
Back to top |
|
|
ofer71
Global Moderator
Joined: 27 Dec 2005 Posts: 2358 Location: Israel
|
|
Back to top |
|
|
ruodeer
New User
Joined: 06 Jul 2007 Posts: 58 Location: home
|
|
|
|
thank you ofer71, yes ,I did go through the manual,but always got something like 'Name of the group's superior group', could you tell me if the new GROUP will inherit the privilege from SUPGROUP .If so ,all the groups with SUPERGROUP=SYS1 will have many privileges due to the privilege of SYS1 is very high,right ? thanks. |
|
Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006 Posts: 6250 Location: Mumbai, India
|
|
|
|
Hello,
RACF (also) use the group concept, very famous is UNIX or even Microsoft Active Directory environment. As in these other operating systems, groups will simplify security administration and help to avoid human errors when defining a new security rules, as it deal with much users automatically. Indeed, when administrators have to manually define the same security policies for hundred of users, they can easily forgot few of them. This can be a long and rebarbartive task. With groups, administrators can apply security models to a lot of users, in seconds and with the same efficiency.
To create groups, they use the “ADDGROUP” command. ADDGROUP SALSMANN SUPGROUP(SYS1) UNIVERSAL Here, a group named SALSMANN (eight characters max) and its superior group is SYS1. As a result, SALSMANN will be a subgroup of SYS1, which is also a group. If SUPGROUP is not specified, the current group of the user who operate this command is used instead. Universal is used for groups which will have a high number of users, potentially infinite. |
|
Back to top |
|
|
ruodeer
New User
Joined: 06 Jul 2007 Posts: 58 Location: home
|
|
|
|
Hi Anuj, thanks for you reply, so does that mean the SUBGROUP will inherit all the privilege from SUPGROUP?that is what i wanna know :> |
|
Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006 Posts: 6250 Location: Mumbai, India
|
|
|
|
Hello Ivan,
Quote: |
so does that mean the SUBGROUP will inherit all the privilege from SUPGROUP |
Not really.
RACF groups are used to grant access to resources by virtue of being in the access list of RACF profiles. The structure of groups, subgroups and superior groups is totally unrelated to gaining access to resources. There's no concept of "inheritance" or any real relationship between the access rights granted to one group and those granted to another. The only reason for the existence of the group tree - and by corollary the preference to have a meaningful structure in your group tree - is to confer RACF administrative privileges, which are quite distinct from RACF access rights.
PS. My previous reply was for this
Quote: |
could some friends here tell me what SUPGROUP is |
|
|
Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006 Posts: 6250 Location: Mumbai, India
|
|
Back to top |
|
|
ruodeer
New User
Joined: 06 Jul 2007 Posts: 58 Location: home
|
|
|
|
Hi Anuj, thanks so much ,you are so helpful .
I really got it.
PS.I just THANKed you in another topic just now |
|
Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006 Posts: 6250 Location: Mumbai, India
|
|
|
|
My pleasure..
have a good one,
-Ad |
|
Back to top |
|
|
|