z/OS Identity Propagation

An IBM Redbooks publication

Published 29 September 2011

Authors: Karan Singh, Rogerio Camargo, Simon Dodge, Bob McCormack, Alain Roessle, Martina Schmidt, Ruben Thumbiran, Phil Wakelin, Nigel Williams


This IBM® Redbooks® publication explores various implementations of z/OS® Identity Propagation where the distributed identity of an end user is passed to z/OS and used to map to a RACF® user ID, and any related events in the audit trail from RACF show both RACF and distributed identities.

This book describes the concept of identity propagation and how it can address the end-to end accountability issue of many customers. It describes, at a high level, what identity propagation is, and why it is important to us. It shows a conceptual view of the key elements necessary to accomplish this.

This book provides details on the RACMAP function, filter management and how to use the SMF records to provide an audit trail. In depth coverage is provided about the internal implementation of identity propagation, such as providing information about available callable services.

This book examines the current exploiters of z/OS Identity Propagation and provide several detailed examples covering CICS® with CICS Transaction Gateway, DB2®, and CICS Web services with Datapower.

Table of contents

Chapter 1. Introduction
Chapter 2. RACF and z/OS Identity Propagation
Chapter 3. z/OS Identity Propagation exploiters
Chapter 4. RACMAP function
Chapter 5. Filter management
Chapter 6. Using SMF audit information to report on z/OS Identity Propagation
Chapter 7. Internal z/OS data structures impacted by identity propagation
Chapter 8. Identity propagation with CICS and CICS Transaction Gateway
Chapter 9. Identity propagation with DB2 for z/OS
Chapter 10. Identity propagation using CICS Web services

Follow IBM Redbooks

Follow IBM Redbooks