Application registry definitions
An application registry definition is an entry in Enterprise Identity Mapping (EIM) that you create to describe and represent a subset of user identities that are defined in a system registry. These user identities share a common set of attributes or characteristics that allow them to use a particular application or set of applications.
Application registry definitions represent user registries that exist within other user registries. For example, the z/OS® Security Server (RACF®) registry can contain specific user registries that are a subset of users within the overall RACF user registry. Because of this relationship, you must specify the name of the parent system registry for any application registry definition that you create.
You can create an EIM application registry definition for a user registry when the user identities in the registry have the following traits:
- The user identities for an application are not stored in a user registry specific to the application.
- The user identities for an application are stored in a system registry that contains user identities for other applications.
EIM lookup operations perform correctly regardless of whether an EIM administrator creates an application or a system registry definition for a user registry. However, separate registry definitions allow mapping data to be managed on an application basis. The responsibility of managing application-specific mappings can be assigned to an administrator for a specific registry.
For example, Figure 7 shows how an EIM administrator created a system registry definition to represent a z/OS Security Server RACF registry. The administrator also created an application registry definition to represent the user identities within the RACF registry that use z/OS UNIX System Services (z/OS UNIX).
System C contains a RACF user registry that contains information for three user identities, DAY1, ANN1, and SMITH1. Two of these user identities (DAY1 and SMITH1) access z/OS UNIX on System C. These user identities are actually RACF users with unique attributes that identify them as z/OS UNIX users. Within the EIM registry definitions, the EIM administrator defined System_C_RACF to represent the overall RACF user registry. The administrator also defined System_C_UNIX to represent the user identities that have z/OS UNIX attributes.
Figure 7: EIM registry definitions for the RACF user registry and for users of z/OS UNIX
