Rule entries contain access environments and access permissions.
Identify the conditions that must exist before access is allowed or denied. CA ACF2 Option for DB2 uses the rule entry that matches the conditions of the actual request. You can specify the following parameters in a rule entry:
|
Parameters |
Description |
|---|---|
|
ACTIVE |
Specifies a date on which the rule line becomes active. |
|
COLUMN |
Specifies the columns of a table that a user can update. |
|
FOR |
Indicates the number of days a user can access this resource. |
|
ROLE |
Specifies the name of an X(ROL) record to indicate the users for whom the rule entry applies. |
|
SERVICE |
Specifies the function that a user must request for this rule entry to apply. |
|
SHIFT |
Specifies the times and days when access is permitted. |
|
UNTIL |
Specifies a date limitation to permit temporary access to this resource. |
|
UID |
Specifies the user or group of users to which the rule entry applies. |
|
USER |
Specifies a logonid to indicate the particular user for whom the rule entry applies. |
These parameters are described in more detail in the next section, “Providing Additional Controls.”
Identify the action that CA ACF2 Option for DB2 takes when all the required conditions are met. CA ACF2 Option for DB2 also uses the DB2 OPTS record to determine whether to permit access. Access permissions can instruct CA ACF2 Option for DB2 to enforce one of the following:
|
Action |
Description |
|---|---|
|
ALLOW |
Grant access to resource. |
|
LOG |
Grant access to resource, but log it. |
|
PREVENT |
Deny access to resource, and log the attempt. |
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|