

How X-ROL Record Works
X-ROL lets you assign individual users to a role, give that group a role name, and add the role name to a rule line entry. The following actions take place when you create role-based rules:
- An XREF XROL role record is defined.
- The data set or resource rule is created or modified by entering the X-ROL record name in the new role field in place of the UID string in the rule lines.
- When a user logs on to the system, CA ACF2 builds their role table. The table contains a list of all the roles to which the user belongs. This list includes roles and groups of roles.
- During access validation on a Roleset rule, the first role in the list is used for validation. If access is denied, the next role in the list is selected and validation is re-driven. This process continues until access is allowed or the user's list of roles is exhausted, at which point access is denied.
X-ROL records are cross-referenced in one of the following records:
- Access rule record - CA ACF2 matches the role defined as the X-ROL record name with the role named in the ROLE field of a data set access rule line.
- Resource rule record - CA ACF2 matches the role defined as the X-ROL record name with the role named in the ROLE field of a resource rule line.
- Another X-ROL record - X-ROL records can cross-reference each other. This function lets you define groups of roles, or even groups of groups of roles. You can use the X-ROL to X-ROL cross-reference as an indexing process to define up to 25 levels.
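The following Python model is an added example, not CA ACF2 code or syntax. It illustrates the role table build and the role-by-role validation described above, which matters when auditing effective access: a denial for one role does not end validation if a later role, including a group of roles, is allowed. The record layout, sample names, table ordering, and the handling of nesting beyond 25 levels are assumptions made for illustration.

```python
from collections import deque

MAX_LEVELS = 25  # nesting limit stated on the page

# Constructed sample X-ROL records: role name -> direct users and included roles.
XROL = {
    "PAYCLERK": {"users": {"USR001"}, "roles": set()},
    "PAYADMIN": {"users": {"USR002"}, "roles": set()},
    "PAYROLL": {"users": set(), "roles": {"PAYCLERK", "PAYADMIN"}},
    "FINANCE": {"users": set(), "roles": {"PAYROLL"}},
}

# Constructed rule lines: (resource, role, access, allowed).
RULES = [
    ("PAY.MASTER", "PAYCLERK", "READ", False),
    ("PAY.MASTER", "FINANCE", "READ", True),
    ("PAY.MASTER", "PAYADMIN", "WRITE", True),
]

def build_role_table(user, xrol, max_levels=MAX_LEVELS):
    """Return the ordered roles a user holds, directly or through groups of roles."""
    # Assumption: direct roles come first, in name order, then enclosing groups.
    direct = sorted(r for r, rec in xrol.items() if user in rec["users"])
    table, queue = list(direct), deque((r, 1) for r in direct)
    while queue:
        role, level = queue.popleft()
        if level >= max_levels:
            continue  # assumption: nesting deeper than the limit is not followed
        for parent in sorted(p for p, rec in xrol.items() if role in rec["roles"]):
            if parent not in table:  # also stops cycles between records
                table.append(parent)
                queue.append((parent, level + 1))
    return table

def validate(user, resource, access, xrol=XROL, rules=RULES):
    """Re-drive validation per role; the first role that is allowed wins."""
    for role in build_role_table(user, xrol):
        for res, rule_role, rule_access, allowed in rules:
            if (res, rule_role, rule_access) == (resource, role, access) and allowed:
                return True, role
    return False, None  # role list exhausted: access denied

if __name__ == "__main__":
    print(build_role_table("USR001", XROL))
    print(validate("USR001", "PAY.MASTER", "READ"))
```

In the sample data, USR001 is denied READ through PAYCLERK but allowed through FINANCE two levels up, so a review of a single role's rule lines understates what its members can reach.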
Copyright © 2011 CA Technologies.
All rights reserved.
 