On Fri, 1 May 2020 12:37:58 -0400, Bob Bridges wrote:
> ...
>Or put it this way: If you say I can be authenticated via LPAR using a
>longer ID, and then perform tasks on the mainframe using that ID, how does
>RACF-or-whatever determine permissions? The OS asks whether <userID> has
>access to datasets or other resources - and that question allows 8 bytes for
><userID>. Even if I've logged on from some other OS using a longer ID,
>inside z/OS the system is still using an 8-byte ID.
>
Mapping should be an approach, even as most UNIX internally rely on
numeric UIDs, usually not more than 32 bits, mapping to/from user
names for display.
First enhance RACF to map long IDs, mixed-case, perhaps UNICODE, to
traditional 8-byte IDs, generated when necessary. Progressively enhance
various utilities to accept the new form, and display it, optionally as with
the difference between "ls -l" and "ls -n":
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/ls.html#tag_20_73_04
Begin with the important ones: JCL and TSO LOGON; others as selected by RFE.
provide a utility to display the mapping as "/bin/id" does. Provide ubiquitous
JCL
symbols &SYSUID for compatibility and &SYSLUID.
z/OS should aspire to be on the leading edge rather than trailing with
the USERIDALIASTABLE kludge.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
