Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Administering security when a z/VM system shares the RACF database z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The Security Server can be installed and run only on z/OS systems. However, your installation can share the RACF® database with a z/VM® system on which RACF for z/VM is running. A RACF database that is shared with a z/VM system can contain information about users and resources that is relevant only to that z/VM system. Although you can perform some RACF administration tasks for your z/VM system using commands you issue on z/OS, this publication library does describe those tasks. For complete information about administering RACF on z/VM, see the applicable RACF document in the z/VM library. If your installation shares the RACF database with a z/VM system, administration of OpenExtensions for z/VM users and groups can be performed from your z/OS system. Note that changing OpenExtensions user identifiers (UIDs) and group identifiers (GIDs) creates corresponding updates in the VMPOSIX class profiles. Restriction: If the shared RACF database
is at application identity mapping (AIM) stage 1 or higher, do not
use the z/VM system to do the
following tasks:
Deleting such profiles from the z/VM system will leave residual profile information in the shared RACF database that will cause inconsistencies with AIM processing. This might require you to recreate some profiles as part of a profile recovery action. For details, see "Recovering from errors with application identity mapping" in z/OS Security Server RACF System Programmer's Guide. |
Copyright IBM Corporation 1990, 2014
|