z/OS Security Server RACF Command Language Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACDCERT ALTMAP (Alter mapping)

z/OS Security Server RACF Command Language Reference
SA23-2292-00

Purpose

Use the RACDCERT ALTMAP command to change the label, trust status, or criteria associated with the specified mapping.

See UTF-8 and BMP character restrictions for information about how UTF-8 and BMP characters in certificate names and labels are processed by RACDCERT functions.

Issuing options

The following table identifies the eligible options for issuing the RACDCERT ALTMAP command:
As a RACF® TSO command? As a RACF operator command? With command direction? With automatic command direction? From the RACF parameter library?
Yes No No. (See rules.) No. (See rules.) No
Rules: The following rules apply when issuing this command.
  • The RACDCERT command cannot be directed to a remote system using the AT or ONLYAT keyword.
  • The updates made to the RACF database by RACDCERT are eligible for propagation with automatic direction of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTMAP.APPL and AUTODIRECT.target-node.DIGTCRIT.APPL, where target-node is the remote node to which the update is to be propagated.

Authorization required

To issue the RACDCERT ALTMAP command, you must have the SPECIAL attribute or sufficient authority to the IRR.DIGTCERT.ALTMAP resource in the FACILITY class for your intended purpose.
Table 1. Authority required for the RACDCERT ALTMAP function
IRR.DIGTCERT.ALTMAP
Access level Purpose
READ Alter a mapping associated with your own user ID.
UPDATE Alter a mapping associated with another user ID or MULTIID.

Activating your changes

If the DIGTNMAP or DIGTCRIT class is RACLISTed, refresh the classes to activate your changes.

Example: 
SETROPTS RACLIST(DIGTNMAP, DIGTCRIT) REFRESH

Related commands

  • To define a user ID mapping, see RACDCERT MAP.
  • To delete a user ID mapping, see RACDCERT DELMAP.
  • To list a user ID mapping, see RACDCERT LISTMAP.

Syntax

For the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT ALTMAP command is:

 
RACDCERT ALTMAP[(LABEL('label-name'))]

[ ID(mapping-owner) | MULTIID ]
[ NEWCRITERIA(criteria-profile-name-template) ]
[ NEWLABEL('label-name') ]
[ TRUST | NOTRUST ]

If you specify more than one RACDCERT function, only the last specified function is processed. Extraneous keywords that are not related to the function being performed are ignored.

If you do not specify a RACDCERT function, LIST is the default function.

For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.

Parameters

ALTMAP
ALTMAP(LABEL('label-name'))
Specifying label name is required if more than one mapping is associated with the user ID. If NEWLABEL, NEWCRITERIA, or TRUST/NOTRUST is not specified, the mapping is not altered.
ID(mapping-owner) | MULTIID
Specifies the user ID associated with the mapping. If you do not specify ID or MULTIID, the default is ID, and mapping-owner defaults to the user ID of the command issuer. If more than one keyword is specified, the last specified keyword is processed and the others are ignored by TSO command parse processing.
ID(mapping-owner)
Specifies the user ID associated with the mapping.
MULTIID
Specifies that additional criteria is used to determine the user ID associated with the mapping.
NEWCRITERIA(criteria-profile-name-template)
Changes the template associated with this mapping when specified with MULTIID. New DIGTCRIT profiles must be created to match the new template profile names. NEWCRITERIA can only be set for MULTIID.
NEWLABEL('new-label-name')
Specifies the label replacing the previous label assigned to a certificate mapping.

See the WITHLABEL keyword for RACDCERT ADD for information on label rules.

If new-label-name is the same as label-name, the label is not changed and no message is issued.

TRUST | NOTRUST
When specified with ALTMAP, indicates whether this mapping can be used to associate a user ID to a certificate presented by a user accessing the system.

Examples

     
Example 1 Operation User RACFADM with SPECIAL authority has been notified by the network administrator that the users in department BWVA can begin using their certificates to access the system. The mapping previously created with the label BWVA USERS can now be marked trusted.
Known User RACFADM has SPECIAL authority.
Command RACDCERT ID(BWVAUSR) ALTMAP(LABEL('BWVA USERS')) TRUST
Output None.
Parent topic: RACF command syntax

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014