Instead of adding Tivoli Enterprise Portal user IDs to
RACF, you can use the user ID mapping capability to map the IDs to
new or existing RACF® user IDs
that you will connect to the appropriate OPERCMDS profiles.
Procedure
- IMPORTANT: When creating member KGLUMAP in the RKANPARU data set,
measures must be in place to secure the KGLUMAP member and also to back it up. If not, the PARMGEN
reload jobs or the Configuration Manager GENERATE actions could remove this member.
- To map Tivoli Enterprise Portal user
IDs to new or existing RACF user
IDs for Take Action validation, create member KGLUMAP in the RKANPARU
data set, and add to it one or more one-line mappings of this form:
tepuser1 racfuser1
tepuser2 racfuser2
tepuser3 racfuser3
where
tepuser
is the
1- to 10-character
Tivoli Enterprise Portal user
ID, and
racfuser
is the 1- to 8-character RACF user ID. The
tepuser
field
(but only that field) allows a trailing
* to indicate a wildcard,
as in these examples:
tepuser* racfuserA
sys* racfuserB
Note that no TSO or OMVS segments are required
for any new RACF user IDs you
choose, since they will not be used to actually log on to z/OS®. Instead, they are used only
for authorization against the OPERCMDS facility profiles.