z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Permitting access to the IRR.RUSERMAP resource

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Authorization to use the identity mapping service (IRRSIM00) is controlled through a RACF® general resource called IRR.RUSERMAP in the FACILITY class. You must define a profile to protect this resource and permit application user IDs to access the resource with READ authority.

Important: Make sure an existing generic profile in the FACILITY class does not inadvertently grant this authority by default. Create a profile to protect the IRR.RUSERMAP resource with UACC(NONE) until you determine which applications require identity mapping.

The following example protects the IRR.RUSERMAP resource in the FACILITY class with UACC(NONE) and authorizes the group of application servers called MAPGRP to use identity mapping.
RDEFINE FACILITY IRR.RUSERMAP UACC(NONE)
PERMIT  IRR.RUSERMAP CLASS(FACILITY) ID(MAPGRP) ACCESS(READ)
Parent topic: Authorizing applications to use identity mapping

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014