Not clear on setting up the map between the RSA userid and the ACF2 userid. For instance, if the RSA userid is userFirstName.userLastName and the ACF2 userid is OOOOFML, how is that implemented? Keeping in mind that I have several hundred users who will need this access, is there an automated way of accomplishing this without having to manually create a map for each ID?
Release : 16.0
Component : CA ACF2 for z/OS
Sometimes the RSA userid and the CA ACF2 logonid do not match for a user. Optionally, you can map an RSA userid to a CA ACF2 logonid. A user-defined logonid field can be used to store the RSA userid in the CA ACF2 logonid record for the user.
This is done by making the appropriate logonid update via usermod UM99901 then issuing the following command: F ACF2,NEWMOD(ACFFDR). A NEWMOD of the ACFFDR cannot be used to update the UID string, SVC or SMF numbers, an IPL is required to modify these ACFFDR options.
The user-defined logonid field is then referenced in the $USERDATA line of a resource rule called RSAUMAP in the CASECMFA class, as follows:
For example, if the user-defined logonid field is called RSAID, the rule would be:
After the RSAUMAP rule is stored, issue the F ACF2,REBUILD(CAS) command to make it active.
CA ACF2 reverts to using the regular CA ACF2 logonid for the RSA signon validation when one of the following conditions is true:
RSA mapped userids can be up to 64 bytes long.