[z/OS]

Authorization checking

Each controller, servant, and client must be associated with an MVS user ID. When a request flows from a client to the server or from a server to another server, WebSphere Application Server for z/OS passes the user identity (client or server) with the request. This way, each request is performed on behalf of the user identity and the system checks to see if the user identity has the authority to make such a request.

There are three distinct levels of authorization checking.
  1. Operating system-level security

    This first level of authentication is required by z/OS to protect its resources through the use of a System Authorization Facility (SAF) credential. This security is always enabled. For SAF, controllers, servants, and default clients must be associated with an MVS user ID. Applications can access operating system resources when the MVS user ID of the servant is granted access to those resources.

  2. Cell-level security

    The second level, which is in effect whenever WebSphere Application Server security is enabled at the cell level, is required to protect WebSphere's administrative resources.

  3. Server security

    The third level, which is in effect whenever WebSphere Application Server security is enabled for a given server, is a set of authorization checking mechanisms that are required to control access to Java 2 Platform, Enterprise Edition (J2EE) applications for WebSphere Application Server. On a base server, the cell and server levels of security can be viewed as the same configuration.

When security is enabled, WebSphere Application Server administrative and J2EE authorizations can be performed using the identity authenticated with the configured user registry or repository.

When the user registry or repository is configured to be the local operating system, the operating system and WebSphere Application Server identities are the same. You can configure authorization to use either WebSphere Authorization, SAF Authorization, or a JACC External provider.




Subtopics
Summary of controls
Cluster authorizations
Related concepts
Administrative security
WebSphere Application Server security for z/OS
Related reference
Specifics about server process authorization checking

Last updated: Aug 31, 2013 4:28:44 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-mp&topic=csecauthcheck
File name: csec_authcheck.html