Purpose
Use the RACDCERT ALTMAP command
to change the label, trust status, or criteria associated with the
specified mapping.
See UTF-8 and BMP character restrictions for information about how UTF-8 and BMP characters in certificate
names and labels are processed by RACDCERT functions.
Issuing options
The following table identifies
the eligible options for issuing the RACDCERT ALTMAP command:
As a RACF® TSO command? |
As a RACF operator command? |
With command direction? |
With automatic command direction? |
From the RACF parameter library? |
---|
Yes |
No |
No. (See rules.) |
No. (See rules.) |
No |
Rules: The
following rules apply when issuing this command. - The RACDCERT command cannot be directed to a remote system using
the AT or ONLYAT keyword.
- The updates made to the RACF database by RACDCERT are eligible for propagation with automatic
direction of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTMAP.APPL and AUTODIRECT.target-node.DIGTCRIT.APPL, where target-node is the remote node to which the update is to be propagated.
|
Authorization required
To issue the RACDCERT ALTMAP command, you must have the SPECIAL
attribute or sufficient authority to the IRR.DIGTCERT.ALTMAP resource
in the FACILITY class for your intended purpose.
Table 1. Authority required for the RACDCERT ALTMAP functionIRR.DIGTCERT.ALTMAP |
---|
Access level |
Purpose |
---|
READ |
Alter a mapping associated with your own user
ID. |
UPDATE |
Alter a mapping associated with another user
ID or MULTIID. |
Activating your changes
If the DIGTNMAP
or DIGTCRIT class is RACLISTed, refresh the classes to activate your
changes.
Example:
SETROPTS RACLIST(DIGTNMAP, DIGTCRIT) REFRESH
Related commands
- To define a user ID mapping, see RACDCERT MAP.
- To delete a user ID mapping, see RACDCERT DELMAP.
- To list a user ID mapping, see RACDCERT LISTMAP.
Syntax
For the key to
the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT
ALTMAP command is:
|
---|
RACDCERT ALTMAP[(LABEL('label-name'))] |
[ ID(mapping-owner) | MULTIID ]
[ NEWCRITERIA(criteria-profile-name-template) ]
[ NEWLABEL('label-name') ]
[ TRUST | NOTRUST ]
|
If you specify more than one RACDCERT function, only
the last specified function is processed. Extraneous keywords that
are not related to the function being performed are ignored.
If you do not specify a RACDCERT function, LIST is
the default function.
For information on issuing this command
as a RACF TSO command, refer
to RACF TSO commands.
Parameters
- ALTMAP
- ALTMAP(LABEL('label-name'))
- Specifying label name is required
if more than one mapping is associated with the user ID. If NEWLABEL,
NEWCRITERIA, or TRUST/NOTRUST is not specified, the mapping is not
altered.
- ID(mapping-owner) | MULTIID
- Specifies the user ID associated with the mapping. If you do not
specify ID or MULTIID, the default is ID, and mapping-owner defaults to the user ID of the command issuer. If more than
one keyword is specified, the last specified keyword is processed
and the others are ignored by TSO command parse processing.
- ID(mapping-owner)
- Specifies the user ID associated with the mapping.
- MULTIID
- Specifies that additional criteria is used to determine the user
ID associated with the mapping.
- NEWCRITERIA(criteria-profile-name-template)
- Changes the template associated with this mapping when specified
with MULTIID. New DIGTCRIT profiles must be created to match the new
template profile names. NEWCRITERIA can only be set for MULTIID.
- NEWLABEL('new-label-name')
- Specifies the label replacing the previous label assigned
to a certificate mapping.
See the WITHLABEL keyword for RACDCERT
ADD for information on label rules.
If new-label-name is the same as label-name, the
label is not changed and no message is issued.
- TRUST | NOTRUST
- When specified with ALTMAP, indicates
whether this mapping can be used to associate a user ID to a certificate
presented by a user accessing the system.
Examples
|
|
|
---|
Example 1 |
Operation |
User RACFADM with SPECIAL authority has been
notified by the network administrator that the users in department
BWVA can begin using their certificates to access the system. The
mapping previously created with the label BWVA USERS can now be marked
trusted. |
Known |
User RACFADM has SPECIAL authority. |
Command |
RACDCERT ID(BWVAUSR) ALTMAP(LABEL('BWVA
USERS')) TRUST |
Output |
None. |