Information Technology Reference
In-Depth Information
other B2C users. Keep track of which user was granted which access token,
and the timestamps between when they held the token, by recording these
in a User ID allocation log table. The mainframe only logs the activities of the
“temporary User IDs” that it sees. You need to reconcile these IDs with the
actual User IDs (UUIDs) that identify physical users, by consulting the User ID
allocation log table.
There's a complication, though. Timestamps on IAM and the mainframe may
differ, so you may fail to authoritatively establish that it was User A who
executed a certain transaction and not the next user, User B. You can
sidestep it by passing both the UUID and the temporary User ID to the
mainframe through an intermediary integration component, which can log
each business transaction request into a transaction log table. This would be
a more authoritative way to establish the identity of the physical user who
performed a particular transaction on the mainframe.
The following diagram illustrates different ways to map user identity, to
enable the tracking of user activity to the satisfaction of your auditors.
