Shared UID support

For IBM® Security Identity server to provision a shared OMVS UID number, the adapter, or surrogate user IDs must have the necessary permission.

If the SHARED.IDS profile is defined in the UNIXPRIV class, definition of duplicate UIDs for multiple users is prevented. For the IBM Security Identity Governance and Intelligence to define UIDs to multiple users, you must add the RACF user ID (representing the adapter) to have READ access to the resource profile:

PE SHARED.IDS CLASS(UNIXPRIV) AC(READ) ID(ISIAGNT)
SETROPTS CLASS(UNIXPRIV) REFRESH

Where the RACF user ID set in the PERMIT command is either the adapter ID or the surrogate ID that is used to run the RACF command.

If surrogate RACF user IDs are being used, the user ID specified in the preceding PERMIT command reflects the surrogate user ID. It is not the adapter RACF user ID that starts the adapter

For more information, see the z/OS RACF Security Administrator's Guide.