[Version 5.0.2 and later]When to use Connection Manager RunAs Identity Enabled

Specifying Connection Manager RunAs Identity Enabled allows you to use your resource manager's security policy to govern access control decisions made when Java 2 Platform, Enterprise Edition (J2EE) clients invoke a WebSphere application accessing the resource managed by that resource manager.

For example, if you have a preexisting Database 2 (DB2) for z/OS security policy that controls which users have access to which tables, you want to have that policy enforced when users access WebSphere applications that also access DB2 for z/OS. The J2EE identity (the client identity by default) rather than the operating system identity (server identity) is used to establish connections to DB2 for z/OS when Connection Manager RunAs Identity Enabled is selected. DB2 for z/OS table access for the application is determined using your preexisting DB2 for z/OS security policy based the application invocation.

Refer to Understanding Java 2 Platform, Enterprise Edition identities and operating system thread identities for more information about the identities discussed above.





Searchable topic ID:   csecwhenuseconnectmgrsync
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/csec_whenuseconnectmgrsync.html

Library | Support | Terms of Use | Feedback