A security domain definition in z/OS provides WebSphere Application
Server for z/OS with a set of cell-wide z/OS Security Server (RACF) security
definitions.
Note: The cells involved might be stand-alone application server
cells, Network Deployment cells, or both.
A security domain definition
includes the following:
- Common definitions for administrative users and groups
- SAF groups to which servers belong
You can use multiple security domains to isolate WebSphere Application
Server for z/OS cells from one another within a sysplex. For example, you
should create separate security domains for cells that require different groups
of users to have administrative authority.
If you plan to use SAF to
control access to J2EE roles by way of the EJBROLE class, you might want to
define a security domain identifier as part of the security domain definition.
This causes role names to be prefixed with the security domain identifier.