Application registry definitions

Use this information to learn how to create users registries for certain applications.

An application registry definition is an entry in Enterprise Identity Mapping (EIM) that you create to describe and represent a subset of user identities that are defined in a system registry. These user identities share a common set of attributes or characteristics that allow them to use a particular application or set of applications. Application registry definitions represent user registries that exist within other user registries. For example, the z/OS^® Security Server (RACF^®) registry can contain specific user registries that are a subset of users within the overall RACF user registry. Because the of this relationship, you must specify the name of the parent system registry for any application registry definition that you create.

You can create an EIM application registry definition for a user registry when the user identities in the registry have the following traits:

• The user identities for an application is not stored in a user registry specific to the application.
• The user identities for an application is stored in a system registry that contains user identities for other applications.

EIM lookup operations perform correctly regardless of whether an EIM administrator creates an application or a system registry definition for a user registry. However, separate registry definitions allow mapping data to be managed on an application basis. The responsibility of managing application-specific mappings can be assigned to an administrator for a specific registry.

For example, Figure 7 shows how an EIM administrator created a system registry definition to represent a z/OS Security Server RACF registry. The administrator also created an application registry definition to represent the user identities within the RACF registry that use z/OS^(TM) UNIX^® System Services (z/OS UNIX). System C contains a RACF user registry that contains information for three user identities, DAY1, ANN1, and SMITH1. Two of these user identities (DAY1 and SMITH1) access z/OS UNIX on System C. These user identities are actually RACF users with unique attributes that identify them as z/OS UNIX users. Within the EIM registry definitions, the EIM administrator defined System_C_RACF to represent the overall RACF user registry. The administrator also defined System_C_UNIX to represent the user identities that have z/OS UNIX attributes.

Figure 7: EIM registry definitions for the RACF user registry and for users of z/OS UNIX