In today’s distributed environments, end users are known by their Internet or distributed user identities, but the z/OS Security Server deals only with RACF user IDs. As a transaction flows from the z/OS subsystems (such as CICS® and IMS™) to RACF, an application may associate all users with a single shared RACF identity. Some applications do this to avoid having to force every user to authenticate, but this approach can compromise end-user accountability.
To address this problem, RACF has, in z/OS V1R11, introduced an identity propagation function. z/OS identity propagation makes the identity of the end user securely available to the back-end business logic program and transaction processing z/OS subsystems, at the application and security-domain level.