Setting up the user ID mapping capability
Instead of adding Tivoli Enterprise Portal user IDs to RACF, you can use the user ID mapping capability to map the IDs to new or existing RACF® user IDs that you will connect to the appropriate OPERCMDS profiles.
About this task
- IMPORTANT: When creating member KGLUMAP in the RKANPARU data set, measures must be in place to secure the KGLUMAP member and also to back it up. If not, the PARMGEN reload jobs or the Configuration Manager GENERATE actions could remove this member.
- To map Tivoli Enterprise Portal user
IDs to new or existing RACF user
IDs for Take Action validation, create member KGLUMAP in the RKANPARU
data set, and add to it one or more one-line mappings of this form:
tepuser1 racfuser1 tepuser2 racfuser2 tepuser3 racfuser3
tepuseris the 1- to 10-character Tivoli Enterprise Portal user ID, and
racfuseris the 1- to 8-character RACF user ID. The
tepuserfield (but only that field) allows a trailing * to indicate a wildcard, as in these examples:
Note that no TSO or OMVS segments are required for any new RACF user IDs you choose, since they will not be used to actually log on to z/OS®. Instead, they are used only for authorization against the OPERCMDS facility profiles.
tepuser* racfuserA sys* racfuserB