My preference is to understand how to do this from the TSO command line, and not with ISPF. I would also like to understand if a systems programmer needs to be involved for setting up the group first
First you have to create a RACF dataset profile to cover the dataset in question if it doesn't already exist using ADDSD:
ADDSD 'userid1.JCL.CNTL'
Where userid1.JCL.CNTL is the dataset you want to give access to.
Note that this command will create a discrete profile, unless you add the optional GEN (for generic) to the ADDSD. Discrete profiles only ever protect a single data set, and more importantly, discrete profiles are deleted when the data set they protect is deleted. This is mostly unwanted, so most always it is better to create a generic profile even if it shall protect a single data set only.
Also, you should decide what access level you want allow to the "universe" by specifying the UACC keyword. The default for UACC depends on your current connect group. You may disallow access to anyone, except the ones you PERMIT access by specifying UACC(NONE)
ADDSD 'userid1.JCL.CNTL' GEN UACC(NONE)
Then PERMIT access to this newly created profile.
PERMIT 'userid1.JCL.CNTL' GEN ID(userid2) ACCESS(READ)
Where userid1 is your userid and userid2 is your collaborator. Under typical conventions you will be allowed to have control of the permissions of datasets under your high level qualifier. You can also create generic profiles to give access to multiple datasets:
ADDSD 'userid1.JCL.*' GEN UACC(NONE)
PERMIT 'userid1.JCL.*' ID(userid2) ACCESS(READ)
You can also permit a group of users to your datasets by entering a group name in the ID field:
PERMIT 'userid1.JCL.*' ID(groupa) ACCESS(READ)
It's likely you'll need help from a systems programmer if you need a new group created. To add a user to a group you need the CONNECT command.
CONNECT (userid2) OWNER(groupa)
You need AUTH=CONNECT authority to add (connect) new users to the group. You can check if you have connect authority to the groups you have access to by issuing the LISTUSER command:
LISTUSER userid1
Where userid1 is your userid. The output will be similar to:
USER=userid1 NAME=your name OWNER=groupa CREATED=23.033
DEFAULT-GROUP=groupa PASSDATE=23.153 PASS-INTERVAL= 30 PHRASEDATE=N/A
ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
LAST-ACCESS=23.171/21:55:05
CLASS AUTHORIZATIONS=NONE
NO-INSTALLATION-DATA
NO-MODEL-NAME
LOGON ALLOWED (DAYS) (TIME)
---------------------------------------------
ANYDAY ANYTIME
GROUP=groupa AUTH=USE CONNECT-OWNER=groupa CONNECT-DATE=23.033
CONNECTS= 68 UACC=NONE LAST-CONNECT=23.171/21:55:05
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
GROUP=IZUUSER AUTH=USE CONNECT-OWNER=groupb CONNECT-DATE=23.167
CONNECTS= 00 UACC=NONE LAST-CONNECT=UNKNOWN
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
SECURITY-LEVEL=NONE SPECIFIED
CATEGORY-AUTHORIZATION
NONE SPECIFIED
SECURITY-LABEL=NONE SPECIFIED
READY
But you need AUTH=JOIN authority in a superior group in order to use the ADDGROUP command to create a new subordinate group. Groups in RACF are in a hierarchical structure and you'll need the appropriate authority in a superior group.
ADDGROUP mygroup SUPGROUP(groupa)
ICH00007I INSUFFICIENT AUTHORITY TO SUPERIOR GROUP.