Is there is limit on the number of OMVS Groups that a user is connected to within OMVS and as it related to the login?

Document ID:  TEC1030183
Last Modified Date:  06/14/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA ACF2 for z/OS

Components

  • CA ACF2 for z/OS:ACF2MS
Question:

Is there is limit on the number of OMVS Groups that a user is connected to within OMVS and as it related to the login?

Answer:

According to IBM documentation there is a z/OS UNIX limit of groups to which a used is associated with the processor or user in z/OS UNIX.

"RACF allows you to define and connect a user to more than 300 groups, but when a process is created or z/OS UNIX group information is requested, only up to the first 300 z/OS UNIX groups are associated with the process or user. The first 300 z/OS UNIX groups that have GIDs to which a user is connected are used by z/OS UNIX. LISTUSER displays the groups in the order that RACF examines them when determining which of the user's groups are z/OS UNIX groups" 

ACF2 allows for the specification of a Default GROUP in each user's logonid record in addition to Supplemental Groups: 

Under z/OS UNIX System Services and CA ACF2 , a user is a member of the group defined in the GROUP field of his logonid, and a member of any other group that he has access to through a resource rule. These groups are called supplemental groups and a list of the allowed groups is built for each signon. When group access checks are performed for HFS file access, CA ACF2 compares the GID of the file to the GID of the group defined in the logonid. If those GIDs do not match, CA ACF2 checks to see if the file's GID matches the GID of any of the supplemental groups. If it matches, then CA ACF2 uses the GROUP permissions to determine the user's access to the file. 

The UNIXOPTS GSO record NGROUPS parameter sets the maximum size of the supplemental group list created for each signon. The number of entries is set within the range of 0 through 8192 with 300 being the default. 

Note that the ACF2 NGROUPS Default matches the z/OS UNIX limitation for the number of GROUPS. 

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing