When a pubset is imported for the first time (after generation with SIR), by the command IMPORT-PUBSET ACTUAL-JOIN=*FIRST, the user catalog is set up. The user catalog contains the following user IDs by default:
TSOS | User ID of system administration |
SYSPRIV | User ID for the assignment of privileges in conjunction with the software product SECOS |
SYSDUMP | User ID under which system dumps are stored |
SYSOPR | User ID for the operator |
SYSSPOOL | User ID for SPOOL management |
SERVICE | User ID for service staff; under this ID, special programs for operational security are used by hardware and software maintenance personnel |
SYSGEN | User ID for hardware generation |
SYSHSMS | User ID for the HSMS data archive |
SYSSNAP | User ID under which SNAP dumps are stored |
SYSUSER | User ID for User dumps that cannot or should not be stored under the ID of the person responsible for the dump |
SYSAUDIT | User ID for REPLOG management, and for SAT analysis and SAT file management in conjunction with SECOS |
SYSNAC | User ID for the Network Administration Center |
SYSROOT | User ID for POSIX management |
SYSSNS | User ID for the SPOOL Notification Service |
SYSMAREN | User ID for MAREN management |
SYSSOPT | User ID for the SPACEOPT product |
SYSWSA | User ID for the Web Service API |
If a pubset which has already been imported once is imported again with ACTUAL-JOIN=*FIRST not only is the user catalog reset to its default settings but also all the data it contains - with the exception of files under $TSOS - is deleted.
Except for TSOS and SERVICE, the system’s user IDs are set to “locked” on initialization, and can be unlocked using the UNLOCK-USER command.
Entering and managing users
For every user who is to have access to the system, systems support must create an entry both in the user catalog of the home pubset and in that of the assigned default pubset. After LOGON validation, the entry in the user catalog of the home pubset has priority. After due consultation, the user is allocated specific resources and privileges in addition to the data for user identification:
Identification: | user ID, password, SPOOLOUT class, mailing address |
Resources: | default pubset, user address space, storage space on public disks, CPU time, message language, assignment of group syntax file |
Privileges: | right to exceed the allocated storage space, right to use specific task attributes, runtime priority, test privileges, use of hardware and linkage AUDIT, use of Net-Storage |
The ADD-USER and MODIFY-USER-ATTRIBUTES commands are used to create or update entries in the user catalog.
Systems support can use the SHOW-USER-ATTRIBUTES command to request display of the user entries and thus obtain an overview of the contents of the user catalog.
Furthermore, with the aid of the LOCK-USER and REMOVE-USER commands, systems support can lock or delete users, and using UNLOCK-USER can unlock them again.
The system user IDs cannot be deleted (exception: the SERVICE user ID if the product SECOS is in use, see the “SECOS” manual “Access Control” [46]).