This topic applies only on the z/OS operating system.

When to use application Synch to OS Thread Allowed

Specify application Synch to OS Thread Allowed to use the Java thread identity to access the non-WebSphere-managed resources accessed by your application.

As a result of exploiting the application Synch to OS Thread Allowed support, access control privileges associated with the current Java thread identity (not the access control privileges for the server identity) are applied when accessing these resources. (An example of a non-WebSphere-managed resource is the file system.)

Use application Synch to OS Thread Allowed to control file system access based on the Java thread identity. The default Java thread identity is the client identity, which is the user who invoked the application. The Java 2 Platform, Enterprise Edition (J2EE) RunAS role deployment descriptor settings can override this default to choose from other choices. These choices include the server identity or the specified role, such as a user ID (chosen by the application server) configured to be in the specified role. By running with the Java thread identity and specifying Synch to OS Thread Allowed, all file system access control decisions are based on the access privileges of the Java thread identity.

Application Synch to OS Thread Allowed is not relevant to container managed persistence (CMP) entity beans but Connection Management RunAs Identity Enabled might be relevant, depending on the JDBC Provider.




Related concepts
Application Synch to OS Thread Allowed
Connection Manager RunAs Identity Enabled and system security
Java 2 Platform, Enterprise Edition identity and an operating system thread identity
Java thread identity and an operating system thread identity
Concept topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=csecwhenuseappsynctoosthread
File name: csec_whenuseappsynctoosthread.html