Specifying user attributes
The user attributes define who has the access that is going to be subsequently defined. They can identify one user, a selection of users, a group of users, a selection of groups of users, or all users. You can also exclude one or more specific users or groups from a selection. As well as being identified by logon ID and group name, users can also be described by the workstation from which they log on. And finally, you can mix selection criteria, for example selecting all users in a named group that can access from a set of workstations identified by a wildcard, but excluding a specific set of users identified by their logon IDs.
A user must be uniquely identified. If different users have the same identifier, an error is issued when makesec command is run. You must edit the security file by using dumpsec command, assign a unique identifier to users, and rerun the makesec command.