A security domain definition in z/OS provides
WebSphere Application Server for z/OS with a set of cell-wide z/OS Security
Server (RACF) security definitions.
Note: The cells involved might be stand-alone
application server cells, Network Deployment cells, or both.
A security
domain definition includes the following:
- Common definitions for administrative users and groups
- X509 Digital Certificate Authorities, to ensure SSL communication
- SAF groups to which servers belong
- Authorization profiles
You can use multiple security domains to isolate WebSphere Application
Server for z/OS cells from one another within a sysplex. For example, you
should create separate security domains for cells that require different groups
of users to have administrative authority.
If you plan to use SAF to
control access to J2EE roles by way of the EJBROLE class, you might want to
define a security domain identifier as part of the security domain definition.
This causes role names to be prefixed with the security domain identifier.