You must define a RACF® user ID for each user ID you associate with a certificate name filter. Because these user IDs are shared, consider assigning the PROTECTED and RESTRICTED attributes to each one.

ALTUSER WEBUSER NOPASSWORD RESTRICTED

The PROTECTED attribute protects the user ID from being used to logon directly to the system and from being revoked through incorrect password and password phrase attempts. See Defining protected user IDs.

The RESTRICTED attribute ensures that the user ID is not used to access protected resources it is not specifically authorized to access. See Defining restricted user IDs.