Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRH501E z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRH501E The RACF database
is not at the suggested stage of application identity mapping (AIM).
The database is at AIM stage AIM-stage. ExplanationThe RACF_AIM_STAGE check has determined that the RACF® database is not at the suggested stage of application identity mapping (AIM). Your system programmer can convert your RACF database using the IRRIRA00 conversion utility. See z/OS Security Server RACF System Programmer's Guide for information about running the IRRIRA00 conversion utility. Stage 3 of application identity mapping allows RACF to more efficiently handle authentication and authorization requests from applications such as z/OS® UNIX and is required to use some RACF function. You should assign a unique UNIX UID for each user and a unique GID for each group that needs access to z/OS UNIX functions and resources. Assigning unique IDs rather than shared IDs improves overall security and increases user accountability. However, if you have a large number of users without OMVS segments who need access to z/OS UNIX services, such as FTP, you might choose not to assign UNIX identities in advance of their need to use the services. In these cases, when your RACF database has been converted to AIM stage 3, you can enable RACF to automatically assign unique UNIX UIDs and GIDs at the time they are needed. See z/OS Security Server RACF Security Administrator's Guide for information about enabling RACF for automatic assignment of unique UNIX identities. System actionThe check continues processing. There is no effect on the system. Operator responseReport this problem to the system security administrator. System programmer responseIf you want to use RACF function such as support for automatically assigning unique UNIX UIDs and GIDs at the time that they are needed, run the IRRIRA00 utility to advance the RACF database to application identity mapping stage 3. For details about using the IRRIRA00 utility, see z/OS Security Server RACF System Programmer's Guide. Problem determinationSourceModuleIRRHCR10 Routing codeN/A Descriptor codeN/A AutomationNone. Reference DocumentationSee z/OS Security Server RACF System Programmer's Guide and z/OS Security Server RACF Security Administrator's Guide. |
Copyright IBM Corporation 1990, 2014
|