Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
How RACF matches filter values z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
When a distributed user authenticates on a Web-based application server and takes an action that causes a supported transaction to be sent to the z/OS® system, RACF® receives the user's distributed user and registry names as character strings of UTF-8 data. When the IDIDMAP class is active and RACLISTed, RACF uses the UTF-8 data to search IDIDMAP profiles for the distributed identity filter that contains the name values best matching the data. When the best matching filter is found, RACF assigns a RACF user ID. You can specify user and registry name values in the distributed identity filter to map a RACF user ID using a one-to-one match or a many-to-one match. In other words, you can define a filter that assigns a RACF user ID to only one distributed user, or you can define a filter that assigns the same RACF user ID to multiple distributed users. |
Copyright IBM Corporation 1990, 2014
|