Setting up the user ID mapping capability

Instead of adding Tivoli Enterprise Portal user IDs to RACF, you can use the user ID mapping capability to map the IDs to new or existing RACF® user IDs that you will connect to the appropriate OPERCMDS profiles.

About this task

Procedure

  • IMPORTANT: When creating member KGLUMAP in the RKANPARU data set, measures must be in place to secure the KGLUMAP member and also to back it up. If not, the PARMGEN reload jobs or the Configuration Manager GENERATE actions could remove this member.
  • To map Tivoli Enterprise Portal user IDs to new or existing RACF user IDs for Take Action validation, create member KGLUMAP in the RKANPARU data set, and add to it one or more one-line mappings of this form:
    tepuser1 racfuser1
    tepuser2 racfuser2
    tepuser3 racfuser3
    where tepuser is the 1- to 10-character Tivoli Enterprise Portal user ID, and racfuser is the 1- to 8-character RACF user ID. The tepuser field (but only that field) allows a trailing * to indicate a wildcard, as in these examples:
    tepuser* racfuserA
    sys* racfuserB
    Note that no TSO or OMVS segments are required for any new RACF user IDs you choose, since they will not be used to actually log on to z/OS®. Instead, they are used only for authorization against the OPERCMDS facility profiles.