For example, if a customer accesses the Jamal's Bank system using an unregistered user certificate, the following represents the sequence of processing that RACF®, specifically the initACEE callable service, will complete to process multiple criteria using a DIGTCRIT profile.
- The sequence shown in "How RACF processes certificate name filters" is followed until the full issuer's name is used to check for a matching profile in the DIGTNMAP class, to determine whether there is an applicable certificate name filter.
  Result: A DIGTNMAP profile is found to match:
  OU=Jamal's Bank General Subscriber.O=VeriSign, Inc.L=Internet
- The criteria definitions, SYSID=&SYSID.ENCRLVL=&ENCRLVL, are found in the DIGTNMAP profile, and the supplied values are substituted for each variable: SYSID=SYSA and ENCRLVL=LOW.
  Result: A DIGTCRIT profile is found to match:
  SYSID=SYSA.ENCRLVL=*
- Processing by initACEE continues using the user ID GENERAL for the customer's certificate.
Note: In this example, if the application calling the initACEE callable service does not pass the ENCRLVL variable, only the SYSID= value is used to determine the user ID. Therefore, the DIGTCRIT profile named SYSID=SYSA.ENCRLVL=* is found to match, and the user ID GENERAL is still used for the customer's certificate.
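
The criteria lookup described above, modelled in Python as an added example (not IBM code and not a description of how RACF is implemented). The SYSID=SYSA.ENCRLVL=HIGH profile and its user ID are constructed; the rules that the most specific profile wins and that a criterion the caller did not pass can only be matched by * are assumptions of this model.

```python
import re

# Criteria template held in the matching DIGTNMAP profile (from the example).
CRITERIA_TEMPLATE = "SYSID=&SYSID.ENCRLVL=&ENCRLVL"

# DIGTCRIT profile name -> user ID. The first entry is the page's profile;
# the second profile and its user ID are constructed for contrast.
DIGTCRIT_PROFILES = {
    "SYSID=SYSA.ENCRLVL=*": "GENERAL",
    "SYSID=SYSA.ENCRLVL=HIGH": "HIGHUSR",  # constructed
}


def criterion_names(template):
    """Ordered criterion names in a template, e.g. ['SYSID', 'ENCRLVL']."""
    return re.findall(r"([A-Z0-9]+)=&\1", template)


def parse_profile(profile_name, names):
    """Split a DIGTCRIT profile name into {criterion: value}, or None."""
    pattern = r"\.".join(re.escape(n) + "=(.+?)" for n in names)
    match = re.fullmatch(pattern, profile_name)
    return dict(zip(names, match.groups())) if match else None


def resolve_user_id(supplied, template=CRITERIA_TEMPLATE,
                    profiles=DIGTCRIT_PROFILES):
    """Return (profile_name, user_id) for the supplied values, or None."""
    names = criterion_names(template)
    best = None
    for profile_name, user_id in profiles.items():
        fields = parse_profile(profile_name, names)
        if fields is None:
            continue
        # A criterion matches on its exact value or on the generic '*'.
        # Assumption: a value the caller did not pass matches only '*'.
        if all(fields[n] in ("*", supplied.get(n)) for n in names):
            # Assumption: the profile with the most non-generic values wins.
            score = sum(fields[n] != "*" for n in names)
            if best is None or score > best[0]:
                best = (score, profile_name, user_id)
    return best[1:] if best else None


if __name__ == "__main__":
    for values in ({"SYSID": "SYSA", "ENCRLVL": "LOW"},   # page's example
                   {"SYSID": "SYSA"},                      # ENCRLVL not passed
                   {"SYSID": "SYSA", "ENCRLVL": "HIGH"},   # constructed
                   {"SYSID": "SYSB", "ENCRLVL": "LOW"}):   # constructed
        print(values, "->", resolve_user_id(values))
```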