We would like to request an enhancement to the administration process (command processor) when adding DFLTGRP to an ACID. Let me explain.
Currently you can issue the "TSS ADD(acid) DFLTGRP(group-name)" or "TSS REPLACE(acid) DFLTGRP(group-name)" commands and;
- No cross check is done to verify that the GROUP name used in DFTLGRP field even exists. You can specify anything.
- No cross check is done to ensure that if, the GROUP name used does exist, is it already connected to the user that you are adding the default group to?
We would like the "ADD/REPLACE" command for DFLTGRP to fail if one of the above conditions exists:
- DFLTGRP should always be a GROUP that has been previously defined to the security system.
- The DFLTGRP for a user must also be added to the users ACID. There are numerous instances where an application does not just depend on the OMVS Segment checking (for UID/GID) and will query TSS to see if a GROUP has been attached to the ACID.