Special considerations for sub-requests

All users who need to list directories or perform other IBM® HTTP Server - Powered by Apache sub-requests must have READ access to the profiles described in this section.

About this task

All users who need to list directories or perform other IBM HTTP Server - Powered by Apache sub-requests must have READ access to the profiles in Table 1. This access is required regardless of whether the users are provisioned with IBM MFA. This access is required because the user ID on the web server thread changes to the user ID of the requesting user before the sub-request is processed.

An example of a sub-request occurs when a user enters a URL ending in / and Options +Indexes is specified in httpd.conf to allow directory listings to be returned to the user. In this case, the user ID on the thread is changed to that of the user when the initial request is processed, and all sub-requests are processed under the user's user ID.

Table 1. Required profile access for sub-requests
Class      Profile
CRYPTOZ    USER.<TOKEN_NAME>
CSFSERV    CSF1SKD
CSFSERV    CSF1SKE
CSFSERV    CSFOWH
CSFSERV    CSF1TRL
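
The following REXX exec is an added example, not part of the IBM documentation. It shows one way to grant READ access to the Table 1 profiles with the RACF PERMIT command and then refresh the in-storage profiles. It assumes a hypothetical group named WEBUSERS that contains the web server users, that the five profiles are already defined, and that the CRYPTOZ and CSFSERV classes are RACLISTed.

```rexx
/* REXX - added example, not IBM-supplied code.                       */
/* Grants READ on the Table 1 profiles to one group, then refreshes   */
/* the RACLISTed classes so the change takes effect.                  */
/* Assumptions: WEBUSERS is a hypothetical group; the profiles exist; */
/* CRYPTOZ and CSFSERV are RACLISTed.                                 */
group = 'WEBUSERS'              /* hypothetical group of web users    */
token = '<TOKEN_NAME>'          /* placeholder from Table 1; replace  */

/* Refuse to run while the token placeholder is still in place.       */
if pos('<', token) > 0 then do
  say 'Set token to your token name before running this exec.'
  exit 8
end

/* Class and profile pairs, exactly as listed in Table 1.             */
prof.1 = 'CRYPTOZ USER.'token
prof.2 = 'CSFSERV CSF1SKD'
prof.3 = 'CSFSERV CSF1SKE'
prof.4 = 'CSFSERV CSFOWH'
prof.5 = 'CSFSERV CSF1TRL'
prof.0 = 5

failed = 0
do i = 1 to prof.0
  parse var prof.i class profile
  address TSO "PERMIT" profile "CLASS("class") ID("group") ACCESS(READ)"
  if rc <> 0 then do
    say 'PERMIT failed for' class profile 'rc='rc
    failed = failed + 1
  end
end

/* Refresh only if every PERMIT succeeded, so a partial grant is      */
/* noticed and corrected before it is activated.                      */
if failed = 0 then do
  address TSO "SETROPTS RACLIST(CRYPTOZ CSFSERV) REFRESH"
  if rc <> 0 then do
    say 'SETROPTS REFRESH failed rc='rc
    exit 8
  end
  say 'READ access granted to' group 'on' prof.0 'profiles.'
  exit 0
end
say failed 'PERMIT command(s) failed; no refresh was issued.'
exit 8
```

Granting the access to a group rather than to individual user IDs keeps the permission list on each profile short and easier to audit.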