---
title: IBM RACF connector
description: IBM Resource Access Control Facility (RACF) is an access control system for IBM mainframes running z/OS. The RACF connector lets you manage and synchronize accounts between RACF and IDM managed user objects. A RACF administrator account is required for this connector to work.
component: openicf
page_id: openicf:connector-reference:racf
canonical_url: https://docs.pingidentity.com/openicf/connector-reference/racf.html
section_ids:
  before_you_start: Before you start
  install_a_signed_certificate: Install a signed certificate
  install_the_racf_connector: Install the RACF connector
  configure_the_racf_connector: Configure the RACF connector
  test_the_racf_connector: Test the RACF connector
  racf_remote_connector: RACF remote connector
  config-connection-pooling-racf: Configure connection pooling
  racf-segments: RACF segments and attributes
  account_attributes: Account attributes
  group_attributes: Group attributes
  use_the_racf_connector: Use the RACF connector
  users: Users
  groups: Groups
  implemented-interfaces-org-forgerock-openicf-connectors-racf-RacfConnector-1.5.20.34: OpenICF Interfaces Implemented by the RACF Connector
  config-properties-org-forgerock-openicf-connectors-racf-RacfConnector-1.5.20.34: RACF Connector Configuration
  configuration-properties-org-forgerock-openicf-connectors-racf-RacfConnector-1.5.20.34: Configuration properties
---

# IBM RACF connector

IBM Resource Access Control Facility (RACF) is an access control system for IBM mainframes running z/OS. The RACF connector lets you manage and synchronize accounts between RACF and IDM managed user objects. A RACF administrator account is required for this connector to work.

## Before you start

|   |                                                                                                                                                                                                                                                                                                       |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The User ID and Password combination you use for connector setup must have access to the `/rseapi/api/v1/tso` RACF endpoint and be able to perform the following RACF commands: `SEARCH`, `LISTUSER`, `ADDUSER`, `ALTUSER`, `DELUSER`, `LISTGRP`, `ADDGROUP`, `ALTGROUP`, and `DELGROUP`. |

Before you configure the connector, log in to your RACF administrator account and note the following:

* Host name

  The domain name or IP address of the host where RACF is running.

* Port

  The port RACF is configured to use.

* User ID

  The RACF administrator user ID.

* Password

  The password for the RACF administrator account.

* Segments

  A list of RACF user profile segments that are supported. Refer to [RACF segments and attributes](#racf-segments) for a list of available segments.

* Accept self-signed certificates

  A boolean determining whether RACF is configured to allow self-signed certificates. This should usually be `false` in production environments, but may be `true` during development.

* Client certificate alias

  Alias name for the client certificate.

* Client certificate password

  Password for the client certificate.

## Install a signed certificate

You can install a signed certificate to access the ZD\&T Enterprise Edition web server. To generate your own pkcs12 keystore (`zdtkey.p12`) containing the certificate and add the encrypted password to the `server.env` file, do the following:

1. Check your installed web server's installation directory. For example, `/opt/ibm/zDT` is the default installation directory, but you can specify your own installation directory during the installation process.

2. Generate `zdtkey.p12` and place it in the `/path/to/zDT/zDTServer/resources/security` directory.

   ```console
   openssl pkcs12 -export -out zdtkey.p12 -inkey cert.key -in cert.crt -password "pass:$passcert"
   ```

3. Modify the encrypted key store password:

   1. Get the value of `wlp.password.encryption.key` from the `/path/to/zDT/zDTServer/resources/security/bootstrap.properties` file.

   2. Run the following command where you installed the web server:

      ```console
      /path/to/zDT/Liberty/bin/securityUtility encode --encoding=aes --key=<value_of_wlp.password.encryption.key> <password>
      ```

      |   |                                                                                                                                                                                                                    |
      | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
      |   | To run `securityUtility` successfully, the Java path must be set. For more information, refer to [Java requirements](https://docs.pingidentity.com/pingidm/8/install-guide/verify-java.html#constructing-queries). |

   3. Modify the `/path/to/zDT/Liberty/usr/servers/zDTServer/server.env` file with your encoded password value. For example:

      ```
      POSTGRES_SERVER=xxx
      POSTGRES_PORT=5432
      ...
      KEYSTORE_PASSWORD={aes}AG6i...JiS0p
      ```

## Install the RACF connector

|   |                                                                                                                                                                                                                                                                                                 |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To check for an Advanced Identity Cloud application for this connector, refer to [Application management](https://docs.pingidentity.com/pingoneaic/latest/app-management/applications.html) and the [App catalog](https://docs.pingidentity.com/pingoneaic/latest/app-management/app-catalog.html). |

You can download any connector from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors), but some are included in the default deployment for Advanced Identity Cloud, IDM, or RCS. When using an included connector, you can skip installing it and move directly to configuration.

**Connector included in default deployment**

| Connector             | IDM                     | RCS                      |
| --------------------- | ----------------------- | ------------------------ |
| [IBM RACF](racf.html) | No                      | Yes                      |

Download the connector .jar file from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors).

* If you're running the connector locally, place it in the `/path/to/openidm/connectors` directory, for example:

  ```
  mv ~/Downloads/racf-connector-1.5.20.34.jar /path/to/openidm/connectors/
  ```

* If you're using a remote connector server (RCS), place it in the `/path/to/openicf/connectors` directory on the RCS.

## Configure the RACF connector

Create a connector configuration using the IDM admin UI:

1. From the navigation bar, click Configure > Connectors.

2. On the Connectors page, click New Connector.

3. On the New Connector page, type a Connector Name.

4. From the Connector Type list, select RACF Connector - 1.5.20.34.

5. Complete the Base Connector Details and any applicable Additional Options.

   |   |                                                                                                                |
   | - | -------------------------------------------------------------------------------------------------------------- |
   |   | For a list of all configuration properties, refer to [RACF Connector Configuration](#racf-config-prop-ezLink). |

6. Click Save.

When your connector is configured correctly, the connector displays as Active in the admin UI.

Refer to [this procedure](configure-connector.html#connector-wiz-REST) to create a connector configuration over REST.

### Test the RACF connector

You can test that the configuration is correct by running the following command:

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/racf?_action=test"
{
  "name": "racf",
  "enabled": true,
  "config": "config/provisioner.openicf/racf",
  "connectorRef": {
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "bundleName": "org.forgerock.openicf.connectors.racf-connector",
    "connectorName": "org.forgerock.openicf.connectors.racf.RacfConnector"
  },
  "displayName": "RACF Connector",
  "objectTypes": [
    "__ACCOUNT__",
    "__ALL__",
    "__GROUP__"
  ],
  "ok": true
}
```

If the command returns `"ok": true`, the connector is configured correctly and can authenticate to the RACF system.

### RACF remote connector

If you want to run this connector outside of PingOne Advanced Identity Cloud or IDM, you can configure the RACF connector as a remote connector. Java Connectors installed remotely on a Java Connector Server function identically to those bundled locally within PingOne Advanced Identity Cloud or installed locally on IDM.

You can download the RACF connector [from here](https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors).

Refer to [Remote connectors](remote-connector.html) for configuring the RACF remote connector.

### Configure connection pooling

The RACF connector supports [HTTP pooling](pooling.html#http-pooling), which can substantially improve the performance of the connector. Learn more about the basic connection pooling configuration and different pooling mechanisms described in [Connection pooling configuration](pooling.html).

## RACF segments and attributes

The following tables list available attributes by segment. Attributes listed in the `BASE` segment are available by default. To use any other attributes, include the segment name in the list of segments in the RACF connector configuration.

User accounts and groups support create, update, query, and delete actions.

### Account attributes

The following attributes are available to the `__ACCOUNT__` resource object:

> **Collapse: `BASE` segment**
>
> | Attribute      | Description                                                                                             |
> | -------------- | ------------------------------------------------------------------------------------------------------- |
> | `userId`       | The user's ID. Required.                                                                                |
> | `__NAME__`     | The user's system name. Must match `userId`. Required.                                                  |
> | `NAME`         | The user's name.                                                                                        |
> | `OWNER`        | Owner of the user's profile.                                                                            |
> | `DFLTGRP`      | User's default group.                                                                                   |
> | `AUTHORITY`    | User's authority in the default group.                                                                  |
> | `__PASSWORD__` | User's password.                                                                                        |
> | `PHRASE`       | Optional password phrase.                                                                               |
> | `REVOKE`       | Expiration date for the user's system access.                                                           |
> | `RESUME`       | Date the user's system access is restored.                                                              |
> | `WHEN`         | Days of the week and hours of the day the user has access to the system.                                |
> | `CLAUTH`       | Classes in which the user can define profiles.                                                          |
> | `MODEL`        | Name of the data model profile used when creating new data profiles (either generic or discrete).       |
> | `GROUP`        | The group the user belongs to.                                                                          |
> | `SECLABEL`     | The user's default security label.                                                                      |
> | `GRPACC`       | Whether other group members have access to any other group set the user protects.                       |
> | `RESTRICTED`   | Indicates that when checking global access, the account will not be used to allow access to a resource. |
> | `AUDITOR`      | Gives the user the system-wide auditor attribute.                                                       |
> | `OPERATIONS`   | Gives the user the system-wide operations attribute.                                                    |
> | `SPECIAL`      | Gives the user the system-wide special attribute.                                                       |
> | `ADSP`         | Indicates all permanent data sets this user creates should be discrete profiles in RACF.                |

> **Collapse: `CICS` segment**
>
> | Attribute      | Description                                                                                                                                                                |
> | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
> | `CICS_OPCLASS` | The classes the user is assigned in CICS. Determines which basic mapping support (BMS) messages are routed to the user. Represented as a number ranging from `01` to `24`. |
> | `CICS_OPIDENT` | A 1-3 character identification of the user for use by BMS.                                                                                                                 |
> | `CICS_OPPRTY`  | The number (`0` to `255`) that represents the priority of the user.                                                                                                        |
> | `CICS_RSLKEY`  | The resource security level (RSL) keys assigned to the user.                                                                                                               |
> | `CICS_TIMEOUT` | The time in hours and minutes (either `HMM` or `HHMM` format) that the operator is allowed to be idle before being signed out.                                             |
> | `CICS_TSLKEY`  | The transaction security level (TSL) keys assigned to the user.                                                                                                            |
> | `CICS_XRFSOFF` | Indicates whether the user should be signed out when an XRF takeover occurs.                                                                                               |

> **Collapse: `DCE` segment**
>
> | Attribute       | Description                                                                                   |
> | --------------- | --------------------------------------------------------------------------------------------- |
> | `DCE_AUTOLOGIN` | Single Sign On (SSO) processing. Either `YES` or `NO`.                                        |
> | `DCE_DCENAME`   | The user's DCE principal name.                                                                |
> | `DCE_HOMECELL`  | The user's DCE home cell.                                                                     |
> | `DCE_HOMEUUID`  | Defines the mapping between the user's RACF user ID and the corresponding DCE principal UUID. |
> | `DCE_UUID`      | The user's principal DCE UUID.                                                                |

> **Collapse: `DFP` segment**
>
> | Attribute      | Description                                                                                           |
> | -------------- | ----------------------------------------------------------------------------------------------------- |
> | `DFP_DATAAPPL` | The user's DFP data application identifier.                                                           |
> | `DFP_DATACLAS` | The user's default data class for attributes used during allocation of any new data sets.             |
> | `DFP_MGMTCLAS` | The user's default management class for attributes used in managing a data set after it is allocated. |
> | `DFP_STORCLAS` | The user's default storage class for logical storage attributes.                                      |

> **Collapse: `KERB` segment**
>
> | Attribute        | Description                                                                                               |
> | ---------------- | --------------------------------------------------------------------------------------------------------- |
> | `KERB_ENCRYPT`   | The user's encryption key types. Available values include: `DES`, `DES3`, `DESD`, `AES128`, and `AES256`. |
> | `KERB_KERBNAME`  | The user's local principal name. The value specified must be unique.                                      |
> | `KERB_MAXTKTLFE` | The maximum Kerberos ticket life specified in seconds. Note that `0` is not a valid value.                |

> **Collapse: `LANGUAGE` segment**
>
> | Attribute            | Description                    |
> | -------------------- | ------------------------------ |
> | `LANGUAGE_PRIMARY`   | The user's primary language.   |
> | `LANGUAGE_SECONDARY` | The user's secondary language. |

> **Collapse: `LNOTES` segment**
>
> | Attribute      | Description                                             |
> | -------------- | ------------------------------------------------------- |
> | `LNOTES_SNAME` | The user's short name for use with Lotus Notes in z/OS. |

> **Collapse: `NDS` segment**
>
> | Attribute   | Description                                             |
> | ----------- | ------------------------------------------------------- |
> | `NDS_UNAME` | The user's name for use with Novell Directory Services. |

> **Collapse: `NETVIEW` segment**
>
> | Attribute          | Description                                                                                                                                                    |
> | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
> | `NETVIEW_CONSNAME` | Master Console Station (MCS) console identifier. The console name value is an identifier 1-8 characters in length whose validity is checked by MVS processing. |
> | `NETVIEW_CTL`      | Specifies whether a security check is performed for this user. Either `GLOBAL`, `GENERAL`, or `SPECIFIC`.                                                      |
> | `NETVIEW_DOMAINS`  | The domain identifier for any domains where the user can start a cross-domain session.                                                                         |
> | `NETVIEW_IC`       | The initial command or list of commands to be executed by NetView when the user logs in.                                                                       |
> | `NETVIEW_MSGRECVR` | Indicates whether the user can receive unsolicited messages.                                                                                                   |
> | `NETVIEW_NGMFADMN` | Indicates whether the user can use the NetView graphic monitor facility.                                                                                       |
> | `NETVIEW_OPCLASS`  | NetView scope classes the user has authority with. The class value is a number from `1` to `2040`.                                                             |

> **Collapse: `OMVS` segment**
>
> | Attribute          | Description                                                  |
> | ------------------ | ------------------------------------------------------------ |
> | `OMVS_ASSIZEMAX`   | The user's z/OS maximum address space size.                  |
> | `OMVS_CPUTIMEMAX`  | The user's z/OS maximum CPU time allowed.                    |
> | `OMVS_FILEPROCMAX` | The user's z/OS maximum number of files allowed per process. |
> | `OMVS_HOME`        | The user's z/OS home directory path.                         |
> | `OMVS_MEMLIMIT`    | The user's z/OS non-shared memory size limit.                |
> | `OMVS_MMAPAREAMAX` | The user's z/OS maximum memory map size.                     |
> | `OMVS_PROCUSERMAX` | The user's maximum number of processes per UID in z/OS.      |
> | `OMVS_PROGRAM`     | The user's z/OS path name, such as a default shell program.  |
> | `OMVS_SHMEMMAX`    | The user's z/OS maximum shared memory size.                  |
> | `OMVS_THREADSMAX`  | The user's z/OS maximum number of threads per process.       |
> | `OMVS_UID`         | The user's z/OS user ID.                                     |

> **Collapse: `OPERPARM` segment**
>
> | Attribute             | Description                                                                                                                                                                       |
> | --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
> | `OPERPARM_ALTGRP`     | Alternative console group used for recovery.                                                                                                                                      |
> | `OPERPARM_AUTH`       | The user's command authority.                                                                                                                                                     |
> | `OPERPARM_CMDSYS`     | Name of the system to which the user is connected for command processing.                                                                                                         |
> | `OPERPARM_DOM`        | Indicates whether the console can receive delete operator message (DOM) requests.                                                                                                 |
> | `OPERPARM_HC`         | Indicates whether this console should receive all messages that are directed to hardcopy.                                                                                         |
> | `OPERPARM_INTIDS`     | Indicates whether or not a console should receive messages directed to the internal console.                                                                                      |
> | `OPERPARM_KEY`        | Indicates a data retrieval key used to search for user consoles using the `DISPLAY CONSOLES` command.                                                                             |
> | `OPERPARM_LEVEL`      | Message level the user should receive. Available values include `R`, `I`, `CE`, `E`, `IN`, `NB`, or `ALL`. If you specify `ALL`, you cannot specify `R`, `I`, `CE`, `E`, or `IN`. |
> | `OPERPARM_LOGCMDRESP` | Indicates whether command responses received by the user are logged.                                                                                                              |
> | `OPERPARM_MFORM`      | Specifies the format messages are displayed in. Available values include `J`, `M`, `S`, `T`, and `X`.                                                                             |
> | `OPERPARM_MIGID`      | Indicates whether the user should receive a migration console ID.                                                                                                                 |
> | `OPERPARM_MONITOR`    | List of events the user can monitor.                                                                                                                                              |
> | `OPERPARM_MSCOPE`     | List of the systems this console can receive unsolicited messages from.                                                                                                           |
> | `OPERPARM_ROUTCODE`   | Routing codes for messages this console receives.                                                                                                                                 |
> | `OPERPARM_STORAGE`    | The amount of virtual storage (in megabytes) the console is allowed for message queuing.                                                                                          |
> | `OPERPARM_UD`         | Specifies whether this console should receive undelivered messages.                                                                                                               |
> | `OPERPARM_UNKNIDS`    | Indicates whether a console should receive messages directed to unknown console IDs.                                                                                              |

> **Collapse: `OVM` segment**
>
> | Attribute     | Description                                                                       |
> | ------------- | --------------------------------------------------------------------------------- |
> | `OVM_UID`     | The user's OpenExtensions for z/VM user ID.                                       |
> | `OVM_FSROOT`  | The user's OpenExtensions for z/VM file system root directory path.               |
> | `OVM_HOME`    | The user's OpenExtensions for z/VM home directory path.                           |
> | `OVM_PROGRAM` | The user's OpenExtensions for z/VM program path, such as a default shell program. |

> **Collapse: `PROXY` segment**
>
> | Attribute        | Description                                                                                                                                                              |
> | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
> | `PROXY_LDAPHOST` | The URL of the LDAP server which the z/OS LDAP server contacts when acting as a proxy. An LDAP URL has a format such as `ldap://123.45.6:389` or `ldaps://123.45.6:636`. |
> | `PROXY_BINDDN`   | The distinguished name (DN) which the z/OS LDAP server uses when acting as a proxy. A DN is made using comma-separated attribute value pairs.                            |

> **Collapse: `TSO` segment**
>
> | Attribute       | Description                                     |
> | --------------- | ----------------------------------------------- |
> | `TSO_ACCTNUM`   | The user's default TSO account number.          |
> | `TSO_HOLDCLASS` | The user's default hold class.                  |
> | `TSO_JOBCLASS`  | The user's default job class.                   |
> | `TSO_MAXSIZE`   | The user's maximum region size.                 |
> | `TSO_MSGCLASS`  | The user's default message class.               |
> | `TSO_PROC`      | The name of the user's default login procedure. |
> | `TSO_SIZE`      | The user's default region size.                 |

> **Collapse: `WORKATTR` segment**
>
> | Attribute          | Description              |
> | ------------------ | ------------------------ |
> | `WORKATTR_WANAME`  | User name on `SYSOUT`.   |
> | `WORKATTR_WABLDG`  | Building on `SYSOUT`.    |
> | `WORKATTR_WADEPT`  | Department on `SYSOUT`.  |
> | `WORKATTR_WAROOM`  | Room on `SYSOUT`.        |
> | `WORKATTR_WAADDR1` | `SYSOUT` address line 1. |
> | `WORKATTR_WAADDR2` | `SYSOUT` address line 2. |
> | `WORKATTR_WAADDR3` | `SYSOUT` address line 3. |
> | `WORKATTR_WAADDR4` | `SYSOUT` address line 4. |
> | `WORKATTR_WAACCNT` | Account number.          |
> | `WORKATTR_WAEMAIL` | User email address.      |

### Group attributes

The following attributes are available to the `__GROUP__` resource object:

> **Collapse: `BASE` segment**
>
> | Attribute   | Description                                                                                                        |
> | ----------- | ------------------------------------------------------------------------------------------------------------------ |
> | `GID`       | Group ID.                                                                                                          |
> | `NAME`      | Group name.                                                                                                        |
> | `OWNER`     | Group owner.                                                                                                       |
> | `MODEL`     | Data set model profile to use when creating new data profiles, either generic or discrete.                         |
> | `SUPGROUP`  | Group's superior group.                                                                                            |
> | `TERMUACC`  | RACF allows any user in this group to access a terminal based on the universal access authority for that terminal. |
> | `UNIVERSAL` | Universal groups allow an effectively unlimited number of users to be connected.                                   |
> | `DATA`      | Installation-defined data stored in the group profile.                                                             |

> **Collapse: `OVM` segment**
>
> | Attribute | Description       |
> | --------- | ----------------- |
> | `OVM_GID` | Group identifier. |

> **Collapse: `OMVS` segment**
>
> | Attribute  | Description       |
> | ---------- | ----------------- |
> | `OMVS_GID` | Group identifier. |

> **Collapse: `DFP` segment**
>
> | Attribute      | Description                      |
> | -------------- | -------------------------------- |
> | `DFP_DATACLAS` | Default data class.              |
> | `DFP_MGMTCLAS` | Default management class.        |
> | `DFP_STORCLAS` | Default storage class.           |
> | `DFP_DATAAPPL` | DFP data application identifier. |

> **Collapse: `TME` segment**
>
> | Attribute   | Description                         |
> | ----------- | ----------------------------------- |
> | `TME_ROLES` | Group profile Tivoli security role. |

## Use the RACF connector

You can use the RACF connector to perform the following actions:

### Users

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | When you create a new user, you must specify *at least* `__NAME__` and `userId`. Refer to the [list of available attributes](#racf-segments) for more information. The `userId` must be 1-8 characters long and can consist of any combination of uppercase letters `A`-`Z`, numbers `0`-`9`, `#` (`X'7B'`), `$` (`X'5B'`), and `@` (`X'7C'`). `__NAME__` can be a maximum of 20 characters consisting of alphanumeric and non-alphanumeric characters. |
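
A pre-flight check for `__ACCOUNT__` create payloads, added here as an example (it is not part of the connector or the original documentation). It applies the `userId` and `__NAME__` rules above, verifies that every prefixed attribute belongs to a segment in the connector's segment list, and reports system-wide attributes for review. The segment names are assumed to be the attribute prefixes used in the tables on this page, and `check_account_payload`, `segment_of`, and their parameters are hypothetical names.

```python
import re

# Rules stated on this page for __ACCOUNT__ objects.
# Lowercase input is reported as an error rather than silently upper-cased.
USERID_RE = re.compile(r"[A-Z0-9#$@]{1,8}")
NAME_MAX_LEN = 20

# Assumption: segment names are the attribute prefixes used in this page's tables.
SEGMENT_PREFIXES = {
    "CICS", "DCE", "DFP", "KERB", "LANGUAGE", "LNOTES", "NDS", "NETVIEW",
    "OMVS", "OPERPARM", "OVM", "PROXY", "TSO", "WORKATTR",
}

# System-wide attributes from the account attribute table; reported for review.
PRIVILEGED = ("SPECIAL", "OPERATIONS", "AUDITOR")


def segment_of(attribute):
    """Return the non-BASE segment an attribute belongs to, or None for BASE."""
    prefix, sep, _ = attribute.partition("_")
    return prefix if sep and prefix in SEGMENT_PREFIXES else None


def check_account_payload(payload, configured_segments=("BASE",)):
    """Validate a create payload; return (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    user_id = payload.get("userId")
    name = payload.get("__NAME__")

    if not isinstance(user_id, str) or not user_id:
        errors.append("userId is required")
    elif not USERID_RE.fullmatch(user_id):
        errors.append("userId must be 1-8 characters from A-Z, 0-9, #, $, @")

    if not isinstance(name, str) or not name:
        errors.append("__NAME__ is required")
    else:
        if len(name) > NAME_MAX_LEN:
            errors.append("__NAME__ exceeds 20 characters")
        if isinstance(user_id, str) and name != user_id:
            errors.append("__NAME__ must match userId")

    # Attributes outside BASE only work if their segment is configured.
    enabled = {s.upper() for s in configured_segments}
    missing = sorted({segment_of(a) for a in payload} - {None} - enabled)
    for seg in missing:
        errors.append(f"segment {seg} is not in the connector's segment list")

    # The page's own create example passes these in the ATTRIBUTES list.
    granted = [a for a in PRIVILEGED if a in payload.get("ATTRIBUTES", [])]
    if granted:
        warnings.append("grants system-wide attributes: " + ", ".join(granted))
    return errors, warnings


# Constructed sample payloads (not taken from a real system).
SAMPLES = {
    "minimal": {"__NAME__": "BJENSEN", "userId": "BJENSEN"},
    "lowercase id": {"__NAME__": "jdoe", "userId": "jdoe"},
    "admin with CICS": {
        "__NAME__": "OPS#01",
        "userId": "OPS#01",
        "ATTRIBUTES": ["SPECIAL", "AUDITOR"],
        "CICS_OPPRTY": "5",
    },
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        errs, warns = check_account_payload(payload, ["BASE", "TSO"])
        print(f"{label}: errors={errs} warnings={warns}")
```
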

> **Collapse: Create a RACF user**
>
> The following example creates a user with the minimum required attributes:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request POST \
> --data '{
>   "__NAME__": "BJENSEN",
>   "userId": "BJENSEN"
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__?_action=create"
> {
>   "_id": "BJENSEN",
>   "NAME": "UNKNOWN",
>   "LAST-ACCESS": "UNKNOWN",
>   "DFLTGRP": "SYS1",
>   "WHEN": {
>     "DAYS": "ANYDAY",
>     "TIME": "ANYTIME"
>   },
>   "PASS-INTERVAL": "N/A",
>   "PHRASEDATE": "N/A",
>   "__NAME__": "BJENSEN",
>   "__ENABLE__": true,
>   "SECLABEL": "NONE SPECIFIED",
>   "userId": "BJENSEN",
>   "ATTRIBUTES": [
>     "PROTECTED"
>   ],
>   "PASSDATE": "N/A",
>   "SECLEVEL": "NONE SPECIFIED",
>   "__GROUP__": [
>     {
>       "GROUP": "SYS1",
>       "OWNER": "IBMUSER",
>       "AUTH": "USE",
>       "UACC": "NONE"
>     }
>   ],
>   "OWNER": "IBMUSER"
> }
> ```
>
> The following example creates a user with additional attributes:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request POST \
> --data '{
>   "__NAME__": "Anto",
>   "userId": "Anto",
>   "__PASSWORD__": "Rvts1234",
>   "__ENABLE__": true,
>   "NAME": "Anto Monisha",
>   "ATTRIBUTES": [
>     "SPECIAL",
>     "AUDITOR"
>   ],
>   "DFLTGRP": "IAM",
>   "MODEL": "USER",
>   "__GROUP__": [
>     "SYS1"
>   ],
>   "OWNER": "Z1",
>   "CLAUTH": [
>     "TERMINAL",
>     "TAPEVOL"
>   ],
>   "PROXY_LDAPHOST": "LDAP://12.34.567.89:389",
>   "PROXY_BINDDN": "PATRICIA",
>   "CICS_XRFSOFF": "NOFORCE",
>   "CICS_TIMEOUT": "10",
>   "CICS_OPCLASS": "2",
>   "CICS_OPIDENT": "2",
>   "CICS_TSLKEY": "99",
>   "CICS_RSLKEY": "99",
>   "CICS_OPPRTY": "5",
>   "DCE_DCENAME": "TEST200",
>   "DCE_HOMECELL": "/.../elvis.memphis.ibm.com",
>   "DCE_HOMEUUID": "003456ab-ecb7-7de3-ebda-95531ed63dae",
>   "DCE_UUID": "004386ea-ebb6-1ec3-bcae-10005ac90feb",
>   "DCE_AUTOLOGIN": "No",
>   "KERB_ENCRYPT": [
>     "DES",
>     "DES3",
>     "DESD",
>     "NOAES128",
>     "AES128SHA2",
>     "AES256SHA2"
>   ],
>   "KERB_KERBNAME": "KRBSEG002.SEC.COM",
>   "KERB_MAXTKTLFE": "96400",
>   "NETVIEW_CONSNAME": "CNSOLE06",
>   "NETVIEW_CTL": "SPECIFIC",
>   "NETVIEW_DOMAINS": "FR",
>   "NETVIEW_IC": "NETVIEWCOMMAND",
>   "NETVIEW_MSGRECVR": "YES",
>   "NETVIEW_NGMFADMN": "YES",
>   "NETVIEW_OPCLASS": "1",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "DFP_DATACLAS": "DFP4DATA",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "DFP_STORCLAS": "DFP4STOR",
>   "TSO_ACCTNUM": "98655TT",
>   "TSO_PROC": "TSOPROC3",
>   "TSO_JOBCLASS": "Z",
>   "TSO_HOLDCLASS": "X",
>   "TSO_MSGCLASS": "Q",
>   "TSO_SYS": "X",
>   "TSO_MAXSIZE": "15000",
>   "TSO_SIZE": "2500",
>   "WHEN": {
>     "DAYS": "WED",
>     "TIME": "0800:1800"
>   },
>   "LNOTES_SNAME": "anto01",
>   "NDS_UNAME": "anto01",
>   "LANGUAGE_PRIMARY": "ENU",
>   "LANGUAGE_SECONDARY": "DEU",
>   "OVM_UID": 280,
>   "OVM_FSROOT": "123",
>   "OVM_HOME": "/u/pat",
>   "OVM_PROGRAM": "/bin/sh"
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__?_action=create"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "ANTO MONISHA",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "Z1",
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "MODEL": "USER",
>   "__ENABLE__": true,
>   ...
> }
> ```

> **Collapse: Update a RACF user**
>
> You can modify an existing user with a PUT request, including all attributes of the account in the request. For a list of attributes, refer to [RACF segments and attributes](#racf-segments).
>
> You can't modify any of the following attributes:
>
> * `userId`
>
> * `__NAME__`
>
> * `DFLTGRP`
>
> * `SECLEVEL`
>
> * `SECLABEL`
>
> * `LAST-ACCESS`
>
> * `PASS-INTERVAL`
>
> * `PHRASEDATE`
>
> * `PASSDATE`
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match:*" \
> --request PUT \
> --data '{
>   "__PASSWORD__": "Rvts1234",
>   "__ENABLE__": true,
>   "NAME": "Monisha Vincer",
>   "RESUME": null,
>   "REVOKE": null,
>   "__GROUP__": [
>     "IAM",
>     "EMPLOYEE"
>   ],
>   "ATTRIBUTES": [
>     "SPECIAL",
>     "AUDITOR"
>   ],
>   "MODEL": "RACF.ACCESS",
>   "OWNER": "IBMUSER",
>   "CLAUTH": [
>     "TAPEVOL"
>   ],
>   "PROXY_LDAPHOST": "LDAP://12.34.567.89:389",
>   "PROXY_BINDDN": "IBMUSER",
>   "CICS_XRFSOFF": "NOFORCE",
>   "CICS_TIMEOUT": "10",
>   "CICS_OPCLASS": "2",
>   "CICS_OPIDENT": "3",
>   "CICS_TSLKEY": "99",
>   "CICS_RSLKEY": "99",
>   "CICS_OPPRTY": "5",
>   "DCE_DCENAME": "TEST200",
>   "DCE_HOMECELL": "/.../elvis.memphis.ibm.com",
>   "DCE_HOMEUUID": "003456ab-ecb7-7de3-ebda-95531ed63dae",
>   "DCE_UUID": "004386ea-ebb6-1ec3-bcae-10005ac90feb",
>   "DCE_AUTOLOGIN": "No",
>   "KERB_ENCRYPT": [
>     "DES",
>     "DES3",
>     "DESD",
>     "AES128",
>     "AES128SHA2",
>     "AES256SHA2"
>   ],
>   "KERB_KERBNAME": "KRBSEG002.SEC.COM",
>   "KERB_MAXTKTLFE": "96400",
>   "NETVIEW_CONSNAME": "CNSOLE06",
>   "NETVIEW_CTL": "SPECIFIC",
>   "NETVIEW_DOMAINS": "SK",
>   "NETVIEW_IC": "NETVIEWCOMMAND",
>   "NETVIEW_MSGRECVR": "YES",
>   "NETVIEW_NGMFADMN": "YES",
>   "NETVIEW_OPCLASS": "1",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "DFP_DATACLAS": "DFP4DATA",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "DFP_STORCLAS": "DFP4STOR",
>   "TSO_ACCTNUM": "98655TT",
>   "TSO_PROC": "TSOPROC3",
>   "TSO_JOBCLASS": "Z",
>   "TSO_HOLDCLASS": "X",
>   "TSO_MSGCLASS": "Q",
>   "TSO_SYS": "X",
>   "TSO_MAXSIZE": "15000",
>   "TSO_SIZE": "2500",
>   "WHEN": {
>     "DAYS": "WED",
>     "TIME": "0800:1800"
>   },
>   "LNOTES_SNAME": "antovincer01",
>   "NDS_UNAME": "antovincer01",
>   "LANGUAGE_PRIMARY": "ENU",
>   "LANGUAGE_SECONDARY": "DEU",
>   "OVM_UID": 281,
>   "OVM_FSROOT": "123",
>   "OVM_HOME": "/u/pat1",
>   "OVM_PROGRAM": "/bin/sh"
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "MONISHA VINCER",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "IBMUSER",
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "MODEL": "RACF.ACCESS",
>   "__ENABLE__": true,
>   "NETVIEW_CTL": "SPECIFIC",
>   "__NAME__": "ANTO",
>   "KERB_ENCRYPT": [
>     "DES",
>     "DES3",
>     "DESD",
>     "AES128",
>     "AES256",
>     "AES128SHA2",
>     "AES256SHA2"
>   ],
>   "ATTRIBUTES": [
>     "SPECIAL",
>     "AUDITOR"
>   ],
>   "PROXY_BINDDN": "IBMUSER",
>   "DCE_AUTOLOGIN": "NO",
>   "NETVIEW_DOMAINS": "SK",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "DCE_HOMECELL": "/.../elvis.memphis.ibm.com",
>   "KERB_KERBNAME": "KRBSEG002.SEC.COM",
>   "CLAUTH": [
>     "TERMINAL",
>     "TAPEVOL"
>   ],
>   "LANGUAGE_PRIMARY": "ENU",
>   "NETVIEW_NGMFADMN": "YES",
>   "CICS_OPCLASS": 2,
>   "DCE_HOMEUUID": "003456ab-ecb7-7de3-ebda-95531ed63dae",
>   "CICS_XRFSOFF": "NOFORCE",
>   "TSO_MAXSIZE": 15000,
>   "OVM_FSROOT": "123",
>   "TSO_PROC": "TSOPROC3",
>   "DFP_DATACLAS": "DFP4DATA",
>   "userId": "ANTO",
>   "NDS_UNAME": "antovincer01",
>   "PHRASEDATE": "N/A",
>   "TSO_ACCTNUM": "98655TT",
>   "PASSDATE": "00.000",
>   "TSO_SYS": "X",
>   "DCE_UUID": "004386ea-ebb6-1ec3-bcae-10005ac90feb",
>   "TSO_JOBCLASS": "Z",
>   "OVM_UID": 281,
>   "PROXY_LDAPHOST": "LDAP://12.34.567.89:389",
>   "DFP_STORCLAS": "DFP4STOR",
>   "CICS_TSLKEY": 99,
>   "LAST-ACCESS": "22.181/23:34:59",
>   "TSO_HOLDCLASS": "X",
>   "NETVIEW_IC": "NETVIEWCOMMAND",
>   "LANGUAGE_SECONDARY": "DEU",
>   "NETVIEW_MSGRECVR": "YES",
>   "WHEN": {
>     "DAYS": "WED.",
>     "TIME": "08:00 - 18:00"
>   },
>   "KERB_MAXTKTLFE": 96400,
>   "CICS_TIMEOUT": "00:10 (HH:MM)",
>   "NETVIEW_CONSNAME": "CNSOLE06",
>   "OVM_HOME": "/u/pat1",
>   "CICS_OPIDENT": "3",
>   "__GROUP__": [
>     "IAM",
>     "EMPLOYEE"
>   ],
>   "DCE_DCENAME": "TEST200",
>   "CICS_OPPRTY": 5,
>   "PASS-INTERVAL": "180",
>   "LNOTES_SNAME": "antovincer01",
>   "OVM_PROGRAM": "/bin/sh"
> }
> ```

> **Collapse: Query RACF users**
>
> The following example queries all RACF users:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request GET \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__?_queryId=query-all-ids"
> {
>   "result": [
>     {
>       "_id": "ADCDY"
>     },
>     {
>       "_id": "ADCDZ"
>     },
>     {
>       "_id": "BJENSEN"
>     },
>     {
>       "_id": "BPXOINIT"
>     },
>     {
>       "_id": "CEA"
>     },
>     {
>       "_id": "CFZSRV"
>     },
>     {
>       "_id": "CICSUSER"
>     },
>     {
>       "_id": "DANY101"
>     },
>     {
>       "_id": "DANY102"
>     },
>     {
>       "_id": "ZOSCAGL"
>     },
>     {
>       "_id": "ZOSCSRV"
>     },
>     {
>       "_id": "ZOSMFAD"
>     },
>     {
>       "_id": "ZOSUGST"
>     },
>     {
>       "_id": "ZWESIUSR"
>     },
>     {
>       "_id": "ZWESVUSR"
>     },
>     ...
>   ],
>   "resultCount": 162,
>   "pagedResultsCookie": null,
>   "totalPagedResultsPolicy": "NONE",
>   "totalPagedResults": -1,
>   "remainingPagedResults": -1
> }
> ```
>
> The following command queries a specific user by their ID:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request GET \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "MONISHA VINCER",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "IBMUSER",
>   "OMVS_UID": 290,
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "OPERPARM_HC": "NO",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "OPERPARM_DOM": "NORMAL",
>   "MODEL": "RACF.ACCESS",
>   "OPERPARM_ROUTCODE": "ALL",
>   "__ENABLE__": true,
>   "OMVS_ASSIZEMAX": 10485769,
>   "NETVIEW_CTL": "SPECIFIC",
>   "__NAME__": "ANTO",
>   ...
> }
> ```

> **Collapse: Reset a RACF account password**
>
> To reset the password for a RACF user account, use the connector to change the user's password:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match:*" \
> --request PATCH \
> --data '{
>   "__PASSWORD__": "Rvts123"
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "ANTO MONISHA",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "Z1",
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "MODEL": "USER",
>   "__ENABLE__": true,
>   ...
> }
> ```
>
> |   |                                                                                                       |
> | - | ----------------------------------------------------------------------------------------------------- |
> |   | While the `__PASSWORD__` field is not returned as part of the response, the user object *is* updated. |

> **Collapse: Activate a RACF account**
>
> The following example activates a user with the minimum required attribute:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match:*" \
> --request PUT \
> --data '{
>   "__ENABLE__": true
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "ANTO MONISHA",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "Z1",
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "MODEL": "USER",
>   "__ENABLE__": true,
>   ...
> }
> ```

> **Collapse: Deactivate a RACF account**
>
> The following example deactivates a user with the minimum required attribute:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match:*" \
> --request PUT \
> --data '{
>   "__ENABLE__": false
> }' \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "ANTO MONISHA",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "Z1",
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "MODEL": "USER",
>   "__ENABLE__": false,
>   ...
> }
> ```

> **Collapse: Delete a RACF account**
>
> You can use the RACF connector to delete an account from the RACF service.
>
> The following example deletes a RACF account:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request DELETE \
> "http://localhost:8080/openidm/system/racf/__ACCOUNT__/ANTO"
> {
>   "_id": "ANTO",
>   "TSO_MSGCLASS": "Q",
>   "NAME": "MONISHA VINCER",
>   "CICS_RSLKEY": 99,
>   "NETVIEW_OPCLASS": 1,
>   "OWNER": "IBMUSER",
>   "OMVS_UID": 290,
>   "DFLTGRP": "IAM",
>   "SECLABEL": "NONE SPECIFIED",
>   "OPERPARM_HC": "NO",
>   "TSO_SIZE": 2500,
>   "SECLEVEL": "NONE SPECIFIED",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "OPERPARM_DOM": "NORMAL",
>   "MODEL": "RACF.ACCESS",
>   "OPERPARM_ROUTCODE": "ALL",
>   "__ENABLE__": true,
>   ...
> }
> ```

### Groups

You can create a group using any of the following unique attributes:

* `GID` (must be the same as `__NAME__`)

* `OVM_GID`

* `OMVS_GID`

* When you create a new group, you must specify *at least* `__NAME__` and `GID`. Refer to the [list of available attributes](#racf-segments) for more information.

* The length of `GID` must be 1-8 characters and can consist of any combination of:

  * Uppercase letters `A`-`Z`

  * Numbers `0`-`9`

  * `#` (`X'7B'`)

  * `$` (`X'5B'`)

  * `@` (`X'7C'`)

* `__NAME__` can be a maximum of 20 characters consisting of alphanumeric and non-alphanumeric characters.

> **Collapse: Create a RACF group**
>
> |   |                                                                                  |
> | - | -------------------------------------------------------------------------------- |
> |   | When you create a new group, you must specify at least the `GID` and `__NAME__`. |
>
> The following example creates a group with all the creatable attributes:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request POST \
> --data '{
>   "GID": "SFDSFFH",
>   "__NAME__": "SFDSFFH",
>   "SUPGROUP": "SYS1",
>   "TERMUACC": true,
>   "UNIVERSAL": true,
>   "DATA": "HELLOEVERYONE",
>   "OVM_GID": 3245,
>   "OMVS_GID": 4365,
>   "TME_ROLES": "role002",
>   "DFP_MGMTCLAS": "DFP3MGMT",
>   "DFP_STORCLAS": "DFP3STOR",
>   "DFP_DATAAPPL": "DFP3APPL",
>   "DFP_DATACLAS": "DFP3DATA",
>   "MODEL": "TEST",
>   "OWNER": "IBMUSER"
> }' \
> "http://localhost:8080/openidm/system/racf/__GROUP__?_action=create"
> {
>   "_id": "SFDSFFH",
>   "DFP_DATACLAS": "DFP3DATA",
>   "Users": null,
>   "OWNER": "IBMUSER",
>   "DFP_DATAAPPL": "DFP3APPL",
>   "GID": "SFDSFFH",
>   "OVM_GID": 3245,
>   "DATA": "HELLOEVERYONE",
>   "__NAME__": "SFDSFFH",
>   "TME_ROLES": "ROLE002",
>   "CREATED": "24.005",
>   "OMVS_GID": 4365,
>   "SUPGROUP": "SYS1",
>   "SUBGROUP": null,
>   "UNIVERSAL": true,
>   "TERMUACC": true,
>   "DFP_STORCLAS": "DFP3STOR",
>   "DFP_MGMTCLAS": "DFP3MGMT",
>   "MODEL": "TEST"
> }
> ```

> **Collapse: Query RACF groups**
>
> The following example queries all RACF groups:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request GET \
> "http://localhost:8080/openidm/system/racf/__GROUP__?_queryId=query-all-ids"
> {
>   "result": [
>     {
>       "_id": "AA01"
>     },
>     {
>       "_id": "AA02"
>     },
>     {
>       "_id": "ADCD"
>     },
>     {
>       "_id": "BLZCFG"
>     },
>     {
>       "_id": "BLZGRP"
>     },
>     {
>       "_id": "BLZWRK"
>     },
>     {
>       "_id": "CEAGP"
>     },
>     {
>       "_id": "CFZADMGP"
>     },
>     {
>       "_id": "CFZSRVGP"
>     },
>     {
>       "_id": "CFZUSRGP"
>     },
>     {
>       "_id": "CIMGP"
>     },
>     {
>       "_id": "DB2"
>     },
>     {
>       "_id": "DGFDGDH"
>     },
>     {
>       "_id": "DSN710"
>     },
>     {
>       "_id": "EMPLOYEE"
>     },
>     {
>       "_id": "EXTERNAL"
>     },
>     ...
>   ],
>   "resultCount": 83,
>   "pagedResultsCookie": null,
>   "totalPagedResultsPolicy": "NONE",
>   "totalPagedResults": -1,
>   "remainingPagedResults": -1
> }
> ```
>
> The following command queries a group by ID:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --request GET \
> "http://localhost:8080/openidm/system/racf/__GROUP__?_queryFilter=_id%20eq%20%22SFDSFFH%22"
> {
>   "result": [
>     {
>       "_id": "SFDSFFH",
>       "DFP_DATACLAS": "DFP4DATA",
>       "Users": null,
>       "OWNER": "IBMUSER",
>       "DFP_DATAAPPL": "DFP4APPL",
>       "GID": "SFDSFFH",
>       "OVM_GID": 3651,
>       "DATA": "HELLY",
>       "__NAME__": "SFDSFFH",
>       "TME_ROLES": "ROLE004",
>       "CREATED": "24.005",
>       "OMVS_GID": 9011,
>       "SUPGROUP": "SYS1",
>       "SUBGROUP": null,
>       "UNIVERSAL": true,
>       "TERMUACC": true,
>       "DFP_STORCLAS": "DFP4STOR",
>       "DFP_MGMTCLAS": "DFP4MGMT",
>       "MODEL": "TEST"
>     }
>   ],
>   "resultCount": 1,
>   "pagedResultsCookie": null,
>   "totalPagedResultsPolicy": "NONE",
>   "totalPagedResults": -1,
>   "remainingPagedResults": -1
> }
> ```

> **Collapse: Update a RACF group**
>
> You can modify an existing group with a PUT request, including all attributes of the group in the request. For a list of attributes, refer to [RACF segments and attributes](#racf-segments).
>
> You can't modify any of the following attributes:
>
> * `GID`
>
> * `__NAME__`
>
> * `CREATED`
>
> * `TERMUACC`
>
> * `SUBGROUP`
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match:*" \
> --request PUT \
> --data '{
>   "SUPGROUP": "SYS1",
>   "TERMUACC": true,
>   "DATA": "HELLY",
>   "OVM_GID": 3651,
>   "OMVS_GID": 9011,
>   "TME_ROLES": "ROLE004",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "DFP_STORCLAS": "DFP4STOR",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "DFP_DATACLAS": "DFP4DATA",
>   "OWNER": "IBMUSER",
>   "MODEL": "TEST001"
> }' \
> "http://localhost:8080/openidm/system/racf/__GROUP__/SFDSFFH"
> {
>   "_id": "SFDSFFH",
>   "DFP_DATACLAS": "DFP4DATA",
>   "Users": null,
>   "OWNER": "IBMUSER",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "GID": "SFDSFFH",
>   "OVM_GID": 3651,
>   "DATA": "HELLY",
>   "__NAME__": "SFDSFFH",
>   "TME_ROLES": "ROLE004",
>   "CREATED": "24.005",
>   "OMVS_GID": 9011,
>   "SUPGROUP": "SYS1",
>   "SUBGROUP": null,
>   "UNIVERSAL": true,
>   "TERMUACC": true,
>   "DFP_STORCLAS": "DFP4STOR",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "MODEL": "TEST001"
> }
> ```

> **Collapse: Delete a RACF group**
>
> You can use the RACF connector to delete a group from the RACF service.
>
> The following example deletes a RACF group:
>
> ```
> curl \
> --header "X-OpenIDM-Username: openidm-admin" \
> --header "X-OpenIDM-Password: openidm-admin" \
> --header "Content-Type: application/json" \
> --header "If-Match: *" \
> --request DELETE \
> "http://localhost:8080/openidm/system/racf/__GROUP__/SFDSFFH"
> {
>   "_id": "SFDSFFH",
>   "DFP_DATACLAS": "DFP4DATA",
>   "Users": null,
>   "OWNER": "IBMUSER",
>   "DFP_DATAAPPL": "DFP4APPL",
>   "GID": "SFDSFFH",
>   "OVM_GID": 3651,
>   "DATA": "HELLY",
>   "__NAME__": "SFDSFFH",
>   "TME_ROLES": "ROLE004",
>   "CREATED": "24.005",
>   "OMVS_GID": 9011,
>   "SUPGROUP": "SYS1",
>   "SUBGROUP": null,
>   "UNIVERSAL": true,
>   "TERMUACC": true,
>   "DFP_STORCLAS": "DFP4STOR",
>   "DFP_MGMTCLAS": "DFP4MGMT",
>   "MODEL": "TEST"
> }
> ```
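
The create and update rules stated above for users and groups can be enforced before a request reaches the connector. The following pre-flight check is an added example, not code from the connector or its vendor. The function names are hypothetical, and the `PRIVILEGED` warning set is an assumption based on general RACF semantics, not a connector rule.

```python
import re

# Rules taken from this page; RACF itself remains the final authority.
ID_RE = re.compile(r"[A-Z0-9#$@]{1,8}")   # userId / GID: alphabet and length
NAME_MAX = 20                             # __NAME__ length limit

RULES = {
    "user": {
        "id_attr": "userId",
        "immutable": {"userId", "__NAME__", "DFLTGRP", "SECLEVEL", "SECLABEL",
                      "LAST-ACCESS", "PASS-INTERVAL", "PHRASEDATE", "PASSDATE"},
    },
    "group": {
        "id_attr": "GID",
        "immutable": {"GID", "__NAME__", "CREATED", "TERMUACC", "SUBGROUP"},
    },
}

# Assumption (general RACF semantics, not a connector rule): these user
# attributes carry system-wide authority, so a request granting them is
# surfaced for a second reviewer instead of passing silently.
PRIVILEGED = {"SPECIAL", "AUDITOR"}


def _privileged(kind, payload):
    """List warnings for privileged user attributes requested in the body."""
    if kind != "user":
        return []
    granted = PRIVILEGED & set(payload.get("ATTRIBUTES") or [])
    return [f"ATTRIBUTES grants {attr}" for attr in sorted(granted)]


def check_create(kind, payload):
    """Return (errors, warnings) for a create body; kind is 'user' or 'group'."""
    id_attr = RULES[kind]["id_attr"]
    ident, name = payload.get(id_attr), payload.get("__NAME__")
    errors = []
    if not isinstance(ident, str) or not ID_RE.fullmatch(ident):
        errors.append(f"{id_attr} must be 1-8 characters from A-Z, 0-9, #, $, @")
    if not isinstance(name, str) or not 1 <= len(name) <= NAME_MAX:
        errors.append(f"__NAME__ is required, at most {NAME_MAX} characters")
    elif kind == "group" and ident != name:
        errors.append("GID must be the same as __NAME__")
    return errors, _privileged(kind, payload)


def check_update(kind, current, payload):
    """Compare a PUT body with the object read back from the connector.

    An immutable attribute may be echoed with its current value (the page's
    group update sends TERMUACC unchanged); only a differing value is an error.
    """
    errors = [
        f"{attr} cannot be modified: {current.get(attr)!r} -> {payload[attr]!r}"
        for attr in sorted(RULES[kind]["immutable"])
        if attr in payload and payload[attr] != current.get(attr)
    ]
    return errors, _privileged(kind, payload)


if __name__ == "__main__":
    # Constructed inputs, modelled on the request bodies shown on this page.
    samples = [
        ("user", {"__NAME__": "BJENSEN", "userId": "BJENSEN"}),
        ("user", {"__NAME__": "Anto", "userId": "Anto",
                  "ATTRIBUTES": ["SPECIAL", "AUDITOR"]}),
        ("group", {"GID": "SFDSFFH", "__NAME__": "SFDSFFH", "SUPGROUP": "SYS1"}),
    ]
    for kind, body in samples:
        print("create", kind, check_create(kind, body))

    group_now = {"GID": "SFDSFFH", "TERMUACC": True, "MODEL": "TEST"}
    print("update", check_update("group", group_now,
                                 {"TERMUACC": True, "MODEL": "TEST001"}))
    print("update", check_update("group", group_now, {"TERMUACC": False}))
```

The strict `userId` check rejects the mixed-case `Anto` submitted in the second create example, where the response shows `ANTO` coming back as the `_id`. Sending the uppercase form keeps the submitted ID and the stored ID identical.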

## OpenICF Interfaces Implemented by the RACF Connector

The RACF Connector implements the following OpenICF interfaces. For additional details, see [ICF interfaces](interfaces.html):

* Create

  Creates an object and its `uid`.

* Delete

  Deletes an object, referenced by its `uid`.

* Schema

  Describes the object types, operations, and options that the connector supports.

* Script on Connector

  Enables an application to run a script in the context of the connector.

  Any script that runs on the connector has the following characteristics:

  * The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.

  * The script has access to a `connector` variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.

  * The script has access to any script arguments passed in by the application.

* Search

  Searches the target resource for all objects that match the specified object class and filter.

* Test

  Tests the connector configuration.

  Testing a configuration checks that all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.

  This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).

  You can invoke the test operation before a connector configuration has been validated.

* Update

  Updates (modifies or replaces) objects on a target resource.


## RACF Connector Configuration

The RACF Connector has the following configurable properties:

### Configuration properties

| Property                       | Type            | Default | Encrypted(1) | Required(2) | Description                                           |
| ------------------------------ | --------------- | ------- | ------------ | ----------- | ----------------------------------------------------- |
| `hostName`                     | `String`        | `null`  |              | Yes         | Host name or IP address of RACF.                      |
| `port`                         | `Integer`       | `null`  |              | Yes         | TCP/IP port number used to communicate with RACF.     |
| `userId`                       | `String`        | `null`  |              | Yes         | The user ID used to log in to RACF.                   |
| `password`                     | `GuardedString` | `null`  | Yes          | Yes         | The password used to log in to RACF.                  |
| `segments`                     | `String`        | `null`  |              | No          | Retrieves data based on RACF segments.                |
| `acceptSelfSignedCertificates` | `boolean`       | `false` |              | Yes         | Specifies whether to accept self-signed certificates. |
| `clientCertAlias`              | `String`        | `null`  |              | No          | Alias for the client certificate.                     |
| `clientCertPassword`           | `GuardedString` | `null`  | Yes          | No          | Password for the client certificate.                  |
| `maximumConnections`           | `Integer`       | `10`    |              | No          | The maximum number of connections.                    |
| `connectionTimeout`            | `Integer`       | `300`   |              | No          | The maximum connection timeout, in seconds.           |
| `httpProxyHost`                | `String`        | `null`  |              | No          | The proxy host.                                       |
| `httpProxyPort`                | `Integer`       | `null`  |              | No          | The proxy port.                                       |
| `httpProxyUsername`            | `String`        | `null`  |              | No          | The proxy username.                                   |
| `httpProxyPassword`            | `GuardedString` | `null`  | Yes          | No          | The proxy password.                                   |

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.
