Valid on z/OS.
Uses the IDMAP keyword to map a distributed identify username and a distributed registry name to a CA Top Secret ACID.
Note: IDMAP (Identity Propagation) requires VSAM II setup.
IDMAP specifies a unique eight-byte record identifier. When the Identity Propagation name filter is defined, the Identity Propagation mapping information is stored in an IDMAP record in the VSAM file.
This keyword has the following format:
TSS ADDTO(acid) IDMAP(recid) IDMAPDN('distributed-identify-username-filter') IDMAPRN('DISTRIBUTED-IDENTIFY-REGIStryname') [IDLABEL('32-byte label')]
This keyword is used:
The following command lists all fields (ACID, distinguished name, label, registry name, and IDMAP) associated with the specified IDMAP:
TSS LIST(JDoe) IDMAP(JDoeIDM1)
The following command lists all IDMAP information:
TSS LIST(JDoe) IDMAP(ALL)
When IDMAP records are inserted, changed, or deleted, CA Top Secret updates its in-core table of IDMAP records. The in-core table is used when mapping a distributed user to a Logonid. The in-core table is also used when checking for the uniqueness of the IDMAPDN and IDMAPRN combination and the Recid (Logonid portion) and IDLABEL combination.
Therefore, any changes to the IDMAP records become effective immediately. Old records are maintained in the table in a no longer used state. If many changes have been made, clean up the table by issuing the F TSS,REFRESH(IDMAPTAB) console command
If changes to IDMAP records are made on one system in a CPF environment, the in-core tables on the other systems will not be updated automatically. In this case, issue the F TSS,REFRESH(IDMAPTAB) console command on the other systems.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|