Considerations
The security model implemented for the Dynamic Workload Console is similar to that already implemented by other Tivoli® products that have been ported to z/OS® (namely Tivoli User Administration and Tivoli Security Management).
All versions of the Dynamic Workload Console use WebSphere® Application Server to handle the initial user verification. In all cases, however, it is necessary to obtain a valid corresponding RACF® user ID to be able to work with the security environment in z/OS.
To optimize the thread handling between z/OS connector and the scheduler server, you can group console users by RACF user ID. To define this grouping, associate a list of console users to the same RACF user ID, by editing the TWSZOSConnConfig.properties file in the TWSInstallationPath\eWAS\profiles\TIPProfile\properties directory and setting the last two properties as follows:
com.ibm.tws.zconn.usr.mapping.enable=true com.ibm.tws.zconn.usr.mapping.file=mapping_file_path\mapping_file
where mapping_file is the name of the file that contains the mapping between console user and RACF user ID, as in the following example:
engine=zos1919 user=twsuser1,twsuser2 zosuser=zos1919user1 user=twsuser3,twsuser4 zosuser=zos1919user2