RACF places restrictions on user and group profile names, passwords, and other values. You must do what is necessary in your policies and filters to ensure that no objects or attributes are added or migrated from eDirectory that do not conform to the RACF restrictions. The Subscriber channel performs no validity checking on the values in the XDS command documents that are passed to it. The RACF commands that the Subscriber channel generates to process the command documents validate their parameter values. Invalid values can cause the commands issued by the Subscriber channel to produce erroneous results.
The following sections describe some common RACF command parameter syntax rules. For a complete description of RACF command parameter syntax rules, see your Security Server RACF Command Language Reference. For tables relating RACF command parameters and z/OS RACF schema attributes, see Section A.2, RACF Command Parameter Mapping.
The following is a summary of the RACF restrictions for naming user profiles. For complete details, see your RACF documentation.
A RACF TSO user ID must be between 1 and 7 characters in length.
A RACF TSO user ID must consist of characters in: A-Z, 0-9, #, $, @ (case-insensitive).
A RACF TSO user ID must not begin with a numeric character (0-9).
No user ID can be the same as the name of another user ID or the name of a group.
The following is a summary of the RACF restrictions for naming group profiles. For complete details, see your RACF documentation.
A RACF group name must be between 1 and 8 characters in length.
A RACF group name must consist of characters in: A-Z, 0-9, #, $, @ (case-insensitive).
A RACF group name must not begin with a numeric character (0-9).
No group name can be the same as the name of another group or the name of a user ID.
z/OS requires that passwords be one to eight alphanumeric characters. z/OS passwords are case-insensitive. An installation can define additional password syntax rules using the RACF SETROPTS command.