z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Defining a filter for an X.500 user identity

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can define the user name portion of the filter as a character string that specifies all or selected parts of an X.500 distinguished name (DN). To do this, specify one or more RDNs as the user name value and specify the name of the LDAP registry, or an asterisk, as the registry name.

For details about how RACF® matches the distributed user's registry and user name with your specified filter values, see How RACF matches filter values.

When specifying the user name, you can specify all or selected RDNs of an X.500 DN. The following sets of steps describe both approaches.
  • Steps for defining a filter for a full X.500 DN lists the steps to define the user name portion of the filter as a complete X.500 DN, specifying all RDNs for a given user.

    The examples in these steps implement a filter that provides a one-to-one match, and maps a single user who has a high level of access authority to a RACF user ID.

  • Steps for defining a filter using selected RDNs lists the steps to define filters that specify fewer, selected RDNs of the X.500 DN.

    The examples in these steps implement filters that provide a many-to-one match, and maps multiple users who have a lower level of access authority to one RACF user ID.

Parent topic: Distributed identity filters

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014