Valid on z/OS.
Use the CRITMAP keyword to identify the additional criteria that act as a filter to assign an ACID to a user. The criteria filter is used only in addition to the certificate name filter defined in a corresponding TSS ADD CERTMAP command. On the TSS ADD CERTMAP command, the MULTIID special ACID and the CRITERIA keyword indicate that the criteria filter is used in addition to the certificate filter to check the identity of the user.
CRITMAP is a unique eight‑byte record identifier. When criteria are defined using the TSS ADD CRITMAP command the criteria map information is stored in a CRITMAP record in the SDT on the Security File.
This keyword has the following format:
TSS ADDTO(acid) CRITMAP(recid)
SYSID(system identifier)} {CNFAPP(application name)}
CNFUVAR(site variable list)}
The application variable defined by CA Top Secret. The value may contain an asterisk (*) for masking.
Range: Up to 8 characters
The system identifier defined by CA Top Secret. The value may contain an asterisk (*) for masking.
Range: Up to 4 characters
Users may define their own variable.
This keyword is used with:
In this example, the special ACID name of MULTIID along with the CRITERIA name tells CA Top Secret that if the subject and/or the issuer name information matches, then search the CRITMAP records for a match on the application name before assigning an ACID to the user:
TSS ADDTO(MULTIID) CERTMAP(NYMAP2)
LABLCMAP('NY Dept 2 Map')
TRUST
SDNFILTR('OU=Dept2.OU=NY.OU=Sales.O=ABC Co')
CRITERIA(CNFAPP=&CNFAPP)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2B)
CNFAPP(BUSINESS)
TSS ADDTO(NYDEPT2R) CRITMAP(NYCRIT2R)
CNFAPP(RETAIL)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|