Create Profile Provisioning Policy Attributes
When
Important
This section describes the configuration of the Create Profile section. However, SailPoint recommends that you work with Services to define a Create Profile specific to your company's requirement.
The following generators create the required information while creating an editable RACF account:
|
Account Attribute |
Generator |
Description |
|---|---|---|
|
USER_ID |
Generator |
The User ID as taken from the profile name |
|
password |
Generator |
The password for RACF |
|
UG_DEF |
Disable |
Default group of the user. You can write rules or set a static value for this attribute. Alternatively the source can generate it for you. |
|
CICS.OPIDENT |
Disable |
Operator identification for use by BMS (basic mapping support) in CICS segment. This identification for each operator, is 1 to 3 characters long. |
|
CICS.OPCLASS |
Disable |
Classes assigned to this operator to which BMS messages are to be routed (CICS segment). These classes are in the range of 1 to 24. |
|
CICS.OPPRTY |
Disable |
Priority of the operator that CICS segment uses when it determines the task priority |
|
CICS.TIMEOUT |
Disable |
The time, in hours and minutes, that the operator is allowed to be idle before being signed off a CICS segment. |
|
CICS.XRFSOFF |
Disable |
(FORCE) means that the user is signed off by CICS when an XRF (extended recovery facility) takeover occurs in a CICS segment. |
|
TSO.ACCTNUM |
Disable |
Default TSO account number when logging on to TSO segment |
|
TSO.COMMAND |
Disable |
Command run during TSO logon |
|
TSO.DEST |
Disable |
Default destination to which the system routes dynamically-allocated SYSOUT datasets in TSO segment. |
|
TSO.HOLDCLASS |
Disable |
Default hold class for a user in a TSO segment |
|
TSO.JOBCLASS |
Disable |
Default job class for a user in a TSO segment |
|
TSO.MAXSIZE |
Disable |
Maximum region size a user can request at logon to a TSO segment |
|
TSO.MSGCLASS |
Disable |
Default message class for a user in a TSO segment |
|
TSO.PROC |
Disable |
Default logon procedure name when logging on through the TSO logon panel |
|
TSO.SECLABEL |
Disable |
Security label entered or used during TSO logon |
|
TSO.SIZE |
Disable |
Default or requested region size during TSO logon - TSO segment |
|
TSO.SYSOUTCLASS |
Disable |
Default system out class |
|
TSO.UNIT |
Disable |
Default name of a device or group of devices that a procedure uses for allocations in TSO segment |
|
TSO.USERDATA |
Disable |
Optional installation data defined for a user |
|
OMVS.CPUTIMEMAX |
Disable |
The time limit (in seconds) for processes that were created by |
|
OMVS.FILEPROCMAX |
Disable |
Maximum number of files a user is allowed to have concurrently active or open - OMVS segment |
|
OMVS.HOME |
Disable |
OMVS initial directory path name |
|
OMVS.MMAPAREAMAX |
Disable |
Maximum amount of data space storage, in pages, that can be allocated by a user for memory mappings of OMVS files - OMVS segment |
|
OMVS.PROCUSERMAX |
Disable |
Maximum number of processes a user is allowed to have active at the same time, regardless of how the process became OMVS process |
|
OMVS.PROGRAM |
Disable |
First program started when TSO command OMVS is entered or when a batch job is started using the BPXBATCH program |
|
OMVS.THREADSMAX |
Disable |
Maximum number of pthread_create threads, including those running, queued, and exited but not detached, that a user can have concurrently active |
|
OMVS.UID |
Disable |
User identification in OMVS segment |
Note
-
USER_ID,password, andUG_DEFare mandatory attributes. -
The RACF source retries every account provisioning operation for all the configured retryable errors.