Authorization checking

Each controller, servant, and client must be associated with an MVS™ user ID. When a request flows from a client to the server or from a server to another server, WebSphere® Application Server for z/OS® passes the user identity (client or server) with the request. This way, each request is performed on behalf of the user identity and the system checks to see if the user identity has the authority to make such a request.

When security is enabled, WebSphere Application Server administrative and Java™ EE authorizations can be performed using the identity authenticated with the configured user registry or repository.

When the user registry or repository is configured to be the local operating system, the operating system and WebSphere Application Server identities are the same. You can configure authorization to use either WebSphere Authorization, System Authorization Facility (SAF) authorization, or a Java Authorization Contract for Containers (JACC) external provider.




Subtopics
Summary of controls
Cluster authorizations
Related concepts
Administrative security
WebSphere Application Server security for z/OS
Related reference
Server process authorization checking
Concept topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=csecauthcheck
File name: csec_authcheck.html