Start of change

Enabling the Configuration Manager on z/OS to obtain user ID information

This topic lists the steps you need to complete, to enable the Configuration Manager on z/OS to correctly obtain the list of user IDs for a particular group from the External Security Manager (ESM) database.

When connecting to the Configuration Manager, the local user ID on the connecting machine is sent to the Configuration Manager for the purposes of broker domain authorization. This user ID is checked against the Configuration Manager Access Control Lists (ACL) to determine the level of authorization.

For any group ACLs defined, the Configuration Manager queries the local ESM database for a list of user IDs defined to that group. The Configuration Manager then tries to match any user ID connecting to it, with this list, to grant the correct authorization to the broker domain.

For the Configuration Manager on z/OS to obtain this list of user IDs, the group and any user IDs must have an OMVS segment defined.

User IDs
Groups

See the OS/390 Security Server (RACF) Security Administrator's Guide (or the appropriate documentation for an external security manager installed on the system) for details.

If the group, or any of the defined user IDs in that group, are not found by the Configuration Manager (either because they do not exist, or because they do not have an OMVS segment), the Configuration Manager is not able to authorize the user attempting the connection.

Related concepts
Access Control Lists
Related reference
mqsicreateaclentry command
End of change