Adding or modifying a user

To allow users to create accounts for themselves or for other users so they can use Z and I Emulator for Web sessions, select Allow users to create accounts on the Users/Groups window.

To modify a user, right-click the user and select Properties.

To add a user:

  1. Click Users/Groups in the Administration window.
  2. Click New User on the Users/Groups window.
  3. Enter the required information.
    User ID
    Type the User ID. The valid characters are A-Z, a-z, 0-9, $, #, @, . (period), and - (hyphen). When using LDAP, User IDs can be mixed case. When using Z and I Emulator for Web to store configuration information, User IDs are converted to lowercase characters. IDs must be unique. You cannot have a user ID and a group ID that are the same, even if one is in lower case and the other is in upper.
    Note for Windows users Note for Windows users: If your users logon to a Windows domain, you can allow them to logon to Z and I Emulator for Web using their Windows user name. This option is configured using the Deployment Wizard, and selecting Automatically log users on to Z and I Emulator for Web using Windows username.
    Description
    Type a description of the user. You can use any character except | (vertical bar) and # (number or pound sign).
    New Password
    Type a password. You can use any character. A password is not required.
    Confirm Password
    Enter the password again.
    Disable Blank Passwords
    The administrator can set a specific property on the Z and I Emulator for Web Server to restrict the usage of blank passwords. A new property has been added in the config.properties file in Z and I Emulator for Web publish directory.
    Property Name = AllowBlankPassword
    Possible Values = "YES" or "NO"
    Default Value = "YES"

    Note: All values other than NO will be considered as YES.

    If the property value is YES, the administrator can create users with a blank password and users can also change their passwords to be blank. This is the same and default behavior.
    When the Z and I Emulator for Web administrator sets the property value to NO in config.properties file, the administrator cannot create new users or edit existing users with password value set to blank. In this case, users also cannot change a password to be blank.
  4. Select one or more groups for the new user from the Not a member of list and click Add. A user must be a member of at least one group.
    LDAP information If you are using LDAP, a user can be a member of only one group. Select the group that you want the user to be a member of.
  5. If you do not want the user to be able to save preferences (changes that the user might make to a host session configuration), select Do not save preferences. This feature is useful for user IDs shared by more than one person.
  6. If you do not want the user to change the password, select User cannot change password.
  7. If you use native authentication, select Use Native Authentication and enter a user ID to be used for the authentication process.
  8. Click Apply. Repeat the steps above to create another user account.
  9. Click Close when you finish.

A check box option is provided on the new/edit user window for the administrator to enable RACF authentication for a new or existing user. By default RACF authentication is disabled. With this option enabled, you can now be authenticated by using the native authentication feature available on z/OS.  Your Z and I Emulator for Web administrator can create or edit a Z and I Emulator for Web user to be RACF authenticated. The RACF authentication service on Z and I Emulator for Web allows users to logon to Z and I Emulator for Web using the native authentication feature available on z/OS. When a user logs on to Z and I Emulator for Web, their password is validated against the password stored in RACF (configured to LDAP on z/OS) rather than Z and I Emulator for Web password stored in LDAP under the user password attribute. When a user logs on:

  1. The user ID and password are sent to the Z and I Emulator for Web configuration server.
  2. The config server sends a LDAP query command to LDAP server and retrieves user information stored on the LDAP server.
  3. If the authentication type for that user is of the type RACF, Z and I Emulator for Web configuration server sends a bind request to that node (representing a Z and I Emulator for Web user) on LDAP.
  4. For a RACF user, LDAP server after receiving the bind request will determine that the user (node on ldap) is to be authenticated using the z/OS native authentication feature and forwards the request to RACF.
  5. RACF will compare the user password with the password in its own store and send back a bind response to the LDAP server. LDAP server sends back the bind response to Z and I Emulator for Web configuration server.
  6. Based on the bind response, configuration server will finally authenticate end users.

Related topics