ictxStorageMech - Identity Context Storage Mechanism Parameter

ictxStorageMech--Identity Context Storage Mechanism Parameter

This contains information about the storage mechanism that will be used to store and remove the identity context. See eServer Implementation Notes for details on platform-specific details.

Authorities and Locks

When the storage mechanism is EIM the following authorities and locks apply.

EIM Data

When storage mechanism is Enterprise Identity Mapping (EIM) then authority is required to the EIM data. Access to data is controlled by EIM access groups. LDAP administrators also have access to EIM data. The identity context is stored as credential data in EIM. Mapping lookup authority is required as well as authority to access credential data.

The access groups whose members have authority to the mapping lookup data for this API follow:

EIM Administrator
EIM Registries Administrator
EIM Identifiers Administrator
EIM Mapping Lookup
EIM authority to the __CTXREF_REG__ registry

The credential information for the target identity is considered security sensitive data. Access to this data is more strictly controlled. The access groups whose members have authority to the credential information follow:

EIM Administrator
EIM Credential Data

Note that the EIM Credential Data access group does not have access to the mapping lookup data. If a user is a member of the EIM Credential Data access group, then the user must also be a member of one of the access groups that has access to the mapping lookup data.

Structure layout

The layout for ictxStorageMech follows:

typedef struct ictxStorageMech
{
    enum ictxStorageMechFormat format;
    union
    {
        ictxStorageMechFormat0_t format0;
    } storageMech;
} ictxStorageMech_t;

Field Descriptions

format

Valid values for the format are:

enum ictxStorageMechFormat  {
    ICTX_STORAGE_MECH_EIM_0
};

When format is ICTX_STORAGE_MECH_EIM_0 (0), the storageMech field must contain an ictxStorageMechFormat0_t structure.

typedef struct ictxStorageMechFormat0
{
    EimHandle      * eimHandle;      /* Eim handle                   */
} ictxStorageMechFormat0_t;

eimHandle

The EIM handle returned by a previous call to eimCreateHandle(). A valid connection is required for this function.

eServer Implementation Notes

AIX implementation details:
- None.
Linux implementation details:
- None.
i5/OS implementation details:
- For the EIM storage mechanism, the eimHandle parameter may be NULL. If NULL is supplied then the EIM information configured for the system is used. The user is required to have *ALLOBJ and *SECADM authority to use that data.
Windows implementation details:
- None.
z/OS implementation notes:
- None.

Top | Security APIs | APIs by category