Controls the security credential domain for SAF.

Name Type Default Description

enableDelegation

boolean

false

Enable RunAs delegation via SAF EJBROLE profiles.

id

string

A unique configuration ID.

racRouteLog

  • ASIS

  • NOFAIL

  • NONE

  • NOSTAT

NONE

Specifies the types of access attempts to log.
ASIS
Records the event in the manner specified in the profile that protects the resource, or by other methods such as the SETROPTS option.
NOFAIL
If the authorization check fails, the attempt is not recorded. If the authorization check succeeds, the attempt is recorded as in ASIS.
NONE
The attempt is not recorded.
NOSTAT
The attempt is not recorded. No logging occurs and no resource statistics are updated.

reportAuthorizationCheckDetails

boolean

false

Flag that changes behavior of the SAFAuthorizationService API when there is an authorization failure. A value of true throws an exception with failure details instead of returning false to the caller.

roleMapper

string

com.ibm.ws.security.authorization.saf.internal.SAFRoleMapperImpl

OSGi component name of the SAF role mapper service provider.