Group

Enhanced Definition

A logical collection of user IDs within the z/OS security environment, primarily managed by **RACF** (Resource Access Control Facility), used to simplify the assignment and management of access permissions to resources. It allows administrators to grant or revoke access for multiple users simultaneously, enforcing security policies efficiently.

Key Characteristics

- Security Context: Primarily used in RACF for managing user authorizations to z/OS resources such as datasets, programs, transactions, and system commands.
- User Association: A user ID can be connected to one or more groups, inheriting the access rights and attributes granted to those groups.
- Hierarchical Structure: Groups can be nested, meaning a group can be connected to another group, forming a hierarchy that simplifies complex permission structures and delegation.
- Centralized Management: Facilitates efficient security administration by allowing permissions to be defined once at the group level rather than individually for each user.
- Default Group: Every user ID must be connected to at least one group, often a default group, which is assigned during user creation and determines the primary group for new datasets created by the user.
- Resource Ownership: Groups can be designated as owners of resources (e.g., datasets, profiles), which influences default access permissions and administrative control