Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Restrictions of RACF client ACEE support z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
As the security administrator, you need to be aware of restrictions
of the RACF® client ACEE support,
in which both the application server's RACF identity
and the client's RACF identity
are used in resolving access decisions.
If you have implemented access control to resources that use both the server's RACF identity and the client's RACF identity in an access control decision, application servers that you do not trust should be treated as end points. These servers should not be allowed to submit batch jobs or use the services of other servers that run exclusively under the identity of the client. You must ensure that applications servers that do not meet this criteria are not authorized to the profile BPX.SERVER in the RACF FACILITY class. |
Copyright IBM Corporation 1990, 2014
|