Users who identify themselves on distributed application servers before initiating certain transactions on z/OS® subsystems might be assigned a RACF® user ID on your system if there is an applicable distributed identity filter in effect. See Distributed identity filters for more information.

To prevent users who are assigned a RACF user ID by a distributed identity filter from accessing protected resources they are not specifically authorized to access, assign a restricted user ID to each user ID associated with a distributed identity filter.