Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Examples z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The RACDCERT MAP commands shown in Figure 1 create
two subject's name filters based on partial subject's distinguished
names.
Figure 1. Sample
RACDCERT MAP commands for creating subject's name filters
The filter labeled 'NY SALES REPS' contains the portion of the subject's distinguished name that identifies the user as an employee of the Sales department in the New York office of the US division of the World Sales Corporation. Based on this filter, RACF® will associate the user ID NYSALES to any user presenting a certificate containing this significant portion of the subject's distinguished name, who does not have an individual certificate registered with RACF. The filter labeled 'NY OTHERS' contains the portion of the subject's distinguished name that identifies the user as an employee in the New York office of the US division of the World Sales Corporation. Based on this filter, RACF will associate the user ID NYUSER to any user presenting a certificate containing this significant portion of the subject's distinguished name, who does not have an individual certificate registered with RACF. Users that present certificates that contain subject's distinguished
names that match both filters will be associated with the user
ID of the most specific filter. In this case, the most specific
filter is the filter labeled 'NY SALES REPS'. For
example, if the users Agneta and Hiro, whose certificate information
is shown in Table 1, present
certificates while these two subject's name filters are in effect,
the following will result:
|
Copyright IBM Corporation 1990, 2014
|