

Sample Rule Set

A sample rule set might look like this:

$KEY(SYSADM)
$TYPE(SYS)
$SYSID(PROD)
*This rule entry allows the SECOFF logonid to use SYSADM.
  UID(*****SECOFF) ALLOW
*This rule entry logs the MKTPMS logonid.  Use until 5/5/05.
  UID(*****MKTPMS) LOG UNTIL(05/05/05)

Here is an explanation of each element:

$KEY(SYSADM)

This control statement identifies the resource name that this rule set protects. CA ACF2 Option for DB2 locates and uses this rule set when a user attempts to use the SYSADM authority.

$TYPE(SYS)

This control statement names the type of resource that this rule set addresses (in this case, system privileges and utilities).

$SYSID(PROD)

This control statement identifies the DB2 subsystem ID that this rule set covers. CA ACF2 Option for DB2 uses this rule set when someone attempts to use the SYSADM authority on the DB2 subsystem PROD.

*This rule entry allows the SECOFF logonid to use SYSADM

This comment statement describes the rule entry that follows it. It is documentation only: it is not stored in the Infostorage database and has no effect on validation.

UID(*****SECOFF)

This parameter identifies part of an access environment. It tells CA ACF2 Option for DB2 to use this rule entry when the user whose UID matches *****SECOFF requires the SYSADM authority. Each asterisk in the mask stands for any single character, so the first five positions of the UID string are not tested and the rule matches on the SECOFF portion that follows them.

ALLOW

This part of the rule entry is the access permission. It tells CA ACF2 Option for DB2 what to do when an access request matches all of the conditions of the entry. ALLOW grants the access without writing a logging record.

*This rule entry logs the logonid MKTPMS. Use until 5/5/05

This comment statement describes the rule entry that follows it. Like the first comment, it is not stored.

UID(*****MKTPMS)

This parameter tells CA ACF2 Option for DB2 to use this rule entry when the user whose UID matches *****MKTPMS requires the SYSADM authority. The user’s access environment must also match other parameters of this rule entry (see the UNTIL parameter below).

LOG

This access permission permits the user whose UID matches *****MKTPMS to use the SYSADM authority, but CA ACF2 Option for DB2 writes a logging record each time this rule entry is used to validate an access request. LOG is the permission to use when an access must be granted but every use of it should be auditable.

UNTIL(05/05/05)

This parameter identifies another condition of the access environment that must be matched for CA ACF2 Option for DB2 to use this rule entry. It tells CA ACF2 Option for DB2 that use of SYSADM by this user is permitted only until May 5, 2005. Once that date has passed, the entry no longer matches, and the request is validated as though the entry were not in the rule set. A time-limited entry of this kind should be reviewed and either reissued or removed before it expires.
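To make the matching described above concrete, here is an added example, written for this page and not part of CA ACF2 Option for DB2, that parses the sample rule set and evaluates access requests against it. It models only what the page shows: the $KEY, $TYPE and $SYSID control statements, comment lines that are discarded, UID masks in which an asterisk matches exactly one character (a trailing dash matching the remainder is also assumed), the ALLOW and LOG permissions, and UNTIL as the last date on which an entry is honoured. The function names, the treatment of a request that no entry matches as a denial, and the interpretation of the two-digit year as 20xx are assumptions of this example, not documented CA ACF2 behaviour.

```python
"""Toy evaluator for an ACF2-style rule set.

Added example, not CA ACF2 code. Simplifying assumptions:
  * '*' in a UID mask matches exactly one character, '-' matches the rest,
    any other character must match literally (real ACF2 masking has more forms).
  * UNTIL(mm/dd/yy) is the last date on which the entry is honoured; yy is 20yy.
  * A request that no rule entry matches is denied.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Constructed sample input: the rule set shown on this page.
SAMPLE_RULE_SET = """\
$KEY(SYSADM)
$TYPE(SYS)
$SYSID(PROD)
*This rule entry allows the SECOFF logonid to use SYSADM.
  UID(*****SECOFF) ALLOW
*This rule entry logs the MKTPMS logonid.  Use until 5/5/05.
  UID(*****MKTPMS) LOG UNTIL(05/05/05)
"""


@dataclass
class RuleEntry:
    uid_mask: str
    permission: str          # "ALLOW" or "LOG"
    until: Optional[date]    # None when the entry has no expiry


@dataclass
class RuleSet:
    key: str                 # $KEY: resource name (here the SYSADM authority)
    rtype: str               # $TYPE: resource type (SYS)
    sysid: str               # $SYSID: DB2 subsystem the set covers
    entries: List[RuleEntry]


def _param(token: str, name: str) -> str:
    """Return X from a token shaped NAME(X); raise if the shape is wrong."""
    if not (token.upper().startswith(name + "(") and token.endswith(")")):
        raise ValueError(f"expected {name}(...), got {token!r}")
    return token[len(name) + 1:-1]


def parse_rule_set(text: str) -> RuleSet:
    controls = {}
    entries: List[RuleEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue                      # comment statement: not retained
        if line.startswith("$"):
            name, value = line[1:].split("(", 1)
            controls[name.upper()] = value.rstrip(")")
            continue
        tokens = line.split()
        mask = _param(tokens[0], "UID")
        permission = tokens[1].upper()
        if permission not in ("ALLOW", "LOG"):
            raise ValueError(f"unsupported permission {permission!r}")
        until = None
        for tok in tokens[2:]:
            if not tok.upper().startswith("UNTIL("):
                raise ValueError(f"unsupported parameter {tok!r}")
            mm, dd, yy = _param(tok, "UNTIL").split("/")
            until = date(2000 + int(yy), int(mm), int(dd))   # assumes mm/dd/yy, 20yy
        entries.append(RuleEntry(mask, permission, until))
    return RuleSet(controls["KEY"], controls["TYPE"], controls["SYSID"], entries)


def uid_matches(mask: str, uid: str) -> bool:
    """Position-by-position compare: '*' masks one character, '-' the remainder."""
    for i, m in enumerate(mask):
        if m == "-":
            return True
        if i >= len(uid) or (m != "*" and m != uid[i]):
            return False
    return len(uid) == len(mask)   # without a trailing '-', the mask must cover the whole UID


def evaluate(rules: RuleSet, uid: str, on: date, *,
             key: str = "SYSADM", rtype: str = "SYS", sysid: str = "PROD") -> str:
    """Return 'ALLOW', 'LOG' (allow and write a logging record) or 'DENY'."""
    if (rules.key, rules.rtype, rules.sysid) != (key, rtype, sysid):
        return "DENY"                    # this rule set does not cover the request
    for entry in rules.entries:
        if not uid_matches(entry.uid_mask, uid):
            continue
        if entry.until is not None and on > entry.until:
            continue                     # expired entry no longer matches
        return entry.permission
    return "DENY"                        # assumption: nothing matched, so refuse


if __name__ == "__main__":
    rs = parse_rule_set(SAMPLE_RULE_SET)
    for who, when in [("PAY01SECOFF", date(2005, 1, 1)),
                      ("MKT01MKTPMS", date(2005, 5, 5)),
                      ("MKT01MKTPMS", date(2005, 5, 6))]:
        print(who, when, evaluate(rs, who, when))
```

The third request in the usage block shows the practical point of UNTIL: the day after the date, the MKTPMS entry drops out of consideration and the request is refused because nothing else in the set covers it. The SECOFF request would also be refused if it arrived for a subsystem other than PROD, since $SYSID scopes the whole rule set.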