With application identity mapping enabled at stage 3, RACF® uses an alias index rather than mapping profiles to associate users and groups with z/OS UNIX, Lotus® Notes®, and Novell Directory Service identities. It is possible that an unexpected error could cause an association mismatch that you can identify by comparing IRRUT200 alias index output with profile information returned from LISTUSER, LISTGRP, or DBUNLOAD. This section suggests methods to correct such inconsistencies.

At stages below application identity mapping stage 3, RACF maintains mapping profiles and functionality to ensure mapping compatibility with systems running OS/390® release 10 or below that share a database with higher-level systems. This means that the RACF database is susceptible to errors described in Recovering from errors in identity mapping profiles and the recovery instructions there are equally useful. You should use program control to be sure that USER and GROUP commands can only be issued from systems running OS/390 release 10 or higher. After all systems sharing the database are migrated to OS/390 release 10 or higher, run IRRIRA00 to advance the database to stage 3, thereby reducing the likelihood of mapping errors.