z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Adding a default RACMAP filter

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can map all distributed user names (that are unmapped by more specific filters) by defining a default RACMAP filter. Define a default RACMAP filter by specifying a single asterisk as the user name and a single asterisk as the registry name.

Example:
RACMAP ID(WEBUSER) MAP 
  USERDIDFILTER(NAME('*'))
  REGISTRY(NAME('*')) 
  WITHLABEL('Default filter for any WEBUSER')

For example, you might define a default RACMAP filter to map a RACF® user ID, such as WEBUSER, to any user of z/OS® transactions that access information of general or public interest. This is useful when you want to serve selected information, such as product catalogs, to any Web user. In these cases, the user's distributed identity, and the registry that was used for authentication, are unimportant.

Guideline: When implementing a default RACMAP filter, map the filter to a RACF user ID that is restricted and protected. For more information, see Defining restricted user IDs and Defining protected user IDs.

Example:
ALTUSER WEBUSER RESTRICTED NOPASSWORD
Parent topic: Details about specifying user and registry names

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014