docs/reference-manual/src/main/asciidoc/create-connector-security-map.adoc

type=page
status=published
title=create-connector-security-map
next=create-connector-work-security-map.html
prev=create-connector-resource.html
~~~~~~

= create-connector-security-map

[[create-connector-security-map-1]][[GSRFM00020]][[create-connector-security-map]]

== create-connector-security-map

Creates a security map for the specified connector connection pool

[[sthref175]]

=== Synopsis

[source]
----
asadmin [asadmin-options] create-connector-security-map [--help]
--poolname connector_connection_pool_name
[--principals principal-name1[,principal-name2]*]
[--usergroups user-group1[,user-group2]*]
[--mappedusername user-name]
[--target target]
mapname
----

[[sthref176]]

=== Description

The `create-connector-security-map` subcommand creates a security map
for the specified connector connection pool. If the security map is not
present, a new one is created. This subcommand can also map the caller
identity of the application (principal or user group) to a suitable
enterprise information system (EIS) principal in container-managed
authentication scenarios. The EIS is any system that holds the data of
an organization. It can be a mainframe, a messaging system, a database
system, or an application. One or more named security maps can be
associated with a connector connection pool. The connector security map
configuration supports the use of the wild card asterisk (`*`) to
indicate all users or all user groups.

To specify the EIS password, you can add the `AS_ADMIN_MAPPEDPASSWORD`
entry to the password file, then specify the file by using the
`--passwordfile` `asadmin` utility option.

For this subcommand to succeed, you must have first created a connector
connection pool using the `create-connector-connection-pool` subcommand.

This subcommand is supported in remote mode only.

[[sthref177]]

=== Options

asadmin-options::
  Options for the `asadmin` utility. For information about these
  options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page.
`--help`::
`-?`::
  Displays the help text for the subcommand.
`--poolname`::
  Specifies the name of the connector connection pool to which the
  security map belongs.
`--principals`::
  Specifies a list of backend EIS principals. More than one principal
  can be specified using a comma-separated list. Use either the
  `--principals` or `--usergroups` options, but not both in the same
  command.
`--usergroups`::
  Specifies a list of backend EIS user group. More than one user groups
  can be specified using a comma separated list. Use either the
  `--principals` or `--usergroups` options, but not both in the same
  command.
`--mappedusername`::
  Specifies the EIS username.
`--target`::
  Do not specify this option. This option is retained for compatibility
  with earlier releases. If you specify this option, a syntax error does
  not occur. Instead, the subcommand runs successfully and displays a
  warning message that the option is ignored.

[[sthref178]]

=== Operands

mapname::
  The name of the security map to be created.

[[sthref179]]

=== Examples

[[GSRFM467]][[sthref180]]

==== Example 1   Creating a Connector Security Map

This example creates `securityMap1` for the existing connection pool
named `connector-pool1`.

[source]
----
asadmin> create-connector-security-map --poolname connector-pool1
--principals principal1,principal2 --mappedusername backend-username securityMap1
Command create-connector-security-map executed successfully
----

[[sthref181]]

=== Exit Status

0::
  subcommand executed successfully
1::
  error in executing the subcommand

[[sthref182]]

=== See Also

link:asadmin.html#asadmin-1m[`asadmin`(1M)]

link:delete-connector-security-map.html#delete-connector-security-map-1[`delete-connector-security-map`(1)],
link:list-connector-security-maps.html#list-connector-security-maps-1[`list-connector-security-maps`(1)],
link:update-connector-security-map.html#update-connector-security-map-1[`update-connector-security-map`(1)]