Purpose
Use
the RACDCERT DELMAP command to delete a mapping for a user ID.
See UTF-8 and BMP character restrictions for information about how UTF-8 and BMP characters in certificate
names and labels are processed by RACDCERT functions.
Issuing options
The following table identifies
the eligible options for issuing the RACDCERT DELMAP command:
As a RACF® TSO command? |
As a RACF operator command? |
With command direction? |
With automatic command direction? |
From the RACF parameter library? |
---|
Yes |
No |
No. (See rules.) |
No. (See rules.) |
No |
Rules: The
following rules apply when issuing this command. - The RACDCERT command cannot be directed to a remote system using
the AT or ONLYAT keyword.
- The updates made to the RACF database
by RACDCERT are eligible for propagation with automatic direction
of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTMAP.APPL
and AUTODIRECT.target-node.DIGTCRIT.APPL,
where target-node is the remote node to
which the update is to be propagated.
|
Authorization required
To
issue the RACDCERT DELMAP command, you must have the SPECIAL attribute
or sufficient authority to the IRR.DIGTCERT.DELMAP resource in the
FACILITY class for your intended purpose.
Table 1. Authority
required for the RACDCERT DELMAP functionIRR.DIGTCERT.DELMAP |
---|
Access level |
Purpose |
---|
READ |
Delete a mapping associated with your own user
ID. |
UPDATE |
Delete a mapping associated with another user
ID or MULTIID. |
Activating your changes
If the DIGTNMAP
or DIGTCRIT class is RACLISTed, refresh the classes to activate your
changes.
Example:
SETROPTS RACLIST(DIGTNMAP, DIGTCRIT) REFRESH
Related commands
- To define a user ID mapping, see RACDCERT MAP.
- To alter a user ID mapping, see RACDCERT ALTMAP.
- To list a user ID mapping, see RACDCERT LISTMAP.
The RACDCERT DELMAP command is unrelated to the RACMAP
DELMAP command.
Syntax
For the key to
the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT
DELMAP command is:
|
---|
RACDCERT DELMAP[(LABEL('label-name'))] |
[ID(mapping-owner) | MULTIID]
|
If you specify more than one RACDCERT function, only
the last specified function is processed. Extraneous keywords that
are not related to the function being performed are ignored.
If you do not specify a RACDCERT function, LIST is
the default function.
For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.
Parameters
- DELMAP
- DELMAP(LABEL('label-name'))
- Specifying label-name is
required if more than one mapping is associated with the user ID.
Note that mappings might also be deleted as part of DELUSER processing.
Important: If
the user profile for the specified user ID no longer exists and you
specify a label name, RACF searches
all profiles in the DIGTNMAP class to locate and delete the orphaned
DIGTNMAP profile. (An orphaned DIGTNMAP profile might result when
a DELUSER command is issued from a downlevel system for a user ID
that has an associated mapping.) This search might take an extended
period of time.
- ID(mapping-owner)
| MULTIID
- Specifies the user ID associated with the mapping. If you do not
specify ID or MULTIID, the default is ID, and mapping-owner defaults
to the user ID of the command issuer. If more than one keyword is
specified, the last specified keyword is processed and the others
are ignored by TSO command parse processing.
- ID(mapping-owner)
- Specifies the user ID associated with the mapping.
- MULTIID
- Specifies that additional criteria is used to determine the user
ID associated with the mapping.
Examples
|
|
|
---|
Example 1 |
Operation |
User RACFADM with SPECIAL authority has been
notified that departments BWVB and BWVA have merged. The members of
BWVA will be issued new digital certificates. |
Known |
User RACFADM has SPECIAL authority. |
Command |
RACDCERT DELMAP(LABEL('BWVA USERS'))
ID(BWVAUSR)
|
Output |
None. |