16.20 - UNIX Security - Teradata Tools and Utilities

Teradata® Tools and Utilities for IBM z/OS Installation Guide

Teradata Tools and Utilities
Release Number
October 2018
English (United States)
Last Update
The MVS userid assigned to any TDP using an NP must be defined to the MVS RACF OMVS segment in the user profile to provide a UNIX userid. For IBM's RACF, this may be done in one of three ways:
  • For z/OS V1.R13 and previous, the BPX.DEFAULT.USER RACF FACILITY class can be used to assign a default UNIX userid to every MVS userid.
  • For z/OS V1.R11 and later, the BPX.UNIQUE.USER RACF FACILITY class can be used to request a UNIX userid for any MVS userid without an OMVS segment that accesses a UNIX kernel service. Refer to the z/OS Security Server RACF Security Administrator's Guide available at: http://www.ibm.com/support/knowledgecenter/.
  • For any z/OS release, the following RACF commands may be used to associate an existing UNIX userid to an MVS TDP userid:
    • ALTUSER mvsusername OMVS(UID(unixuserid))
    • ALTGROUP mvsgroupname OMVS(GID(unixgroupid))

    where mvsusername is the MVS userid for the TDP, unixuserid is either an existing UNIX userid or the parameter AUTOUID to request that a unique UNIX userid be generated; mvsgroupname is the MVS group name with which the MVS TDP user name is associated; unixgroupid is either an existing UNIX userid or the parameter AUTOGID to request that a unique UNIX userid be generated.

TDP uses UNIX implicitly to access the network. No explicit UNIX resources such as the shell, applications, or files are used; however, because TDP exits could do such things, the security characteristics for a UNIX userid might need such usage. Refer to the IBM document z/OS UNIX System Services Planning, available at: http://www.ibm.com/support/knowledgecenter/.