

Field Values

For the resource type fields, you can specify the mode of action that CA ACF2 Option for DB2 takes when a request to perform a function is considered a violation. Each OPTS (xxx)MODE field can have the following values:

Value

Description

ABORT

Logs resource violations, issues violation messages, and denies the action. CA ACF2 Option for DB2 rules determine and control resource sharing. This provides default protection and is the default value.

LOG

Logs resource violations but permits the action to continue. Users can access resources; however, CA ACF2 Option for DB2 still checks the rules that apply to the request and verifies the user’s logonid. Access attempts that are invalid, either according to a rule or because no rule exists, are permitted but logged.

QUIET

Disables CA ACF2 Option for DB2 rule validation. Rules exist in the Infostorage database but users can access resources without creating violation records. Logonid and similar validation still takes place. CA ACF2 Option for DB2 ensures that the logonid performing the function exists in the Logonid database and is not expired.

RULE,norule,no$mode

Migrates to full security. This method lets you store CA ACF2 Option for DB2 rules gradually while permitting you to access the system when CA ACF2 is up and running.

With this mode, you specify the action CA ACF2 Option for DB2 takes in the absence of applicable rules or a $MODE control statement in the rule set. See the “Writing CA ACF2 Option for DB2 Rules” chapter for more information about $MODE.

The value of the $MODE control statement can be ABORT, LOG, or QUIET, as defined above. The $MODE control statement in the rule set is meaningful only when the MODE(RULE,norule,no$mode) option is in effect and when CA ACF2 Option for DB2 determines that a violation occurred. You must enter the following two parameters in this order:

  • norule—Specifies the action CA ACF2 Option for DB2 is to take if no matching rule set is found when RULE mode is in effect. The norule value can be ABORT, LOG, or QUIET, as defined above.
  • no$mode—Specifies the action CA ACF2 Option for DB2 is to take if no $MODE control statement is found in the applicable rule set when RULE mode is in effect. The no$mode value can be ABORT, LOG, or QUIET, as defined above.

For example, suppose you select MODE(RULE,LOG,ABORT). Mary wants to select the USER01.TESTDATA table. If no USER01.TESTDATA rule set exists, CA ACF2 Option for DB2 bases its access decision on the norule value, which is LOG in this example. If a USER01.TESTDATA rule set does exist but does not permit Mary to select USER01.TESTDATA, CA ACF2 Option for DB2 checks the $MODE control statement in the rule set and bases its decision on the $MODE value. If $MODE(LOG) is specified in the rule set, Mary can select the USER01.TESTDATA table and CA ACF2 Option for DB2 creates a logging record. However, if no $MODE is specified in the rule set, CA ACF2 Option for DB2 uses the no$mode value (ABORT in this case), which denies and logs her access.
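The decision order described above, written out as a small Python model. This is an added illustration, not CA ACF2 Option for DB2 code: `decide`, `parse_mode`, `Outcome` and the parameter names are hypothetical. It assumes that ABORT mode treats a missing rule set as a violation in the same way the LOG description states.

```python
# Added model of the MODE decision described above; not CA ACF2 Option for DB2 code.
# decide(), parse_mode(), Outcome and the parameter names are hypothetical.
from typing import NamedTuple, Optional

# Action -> (request allowed?, violation record written?), per the value table above.
EFFECT = {"ABORT": (False, True), "LOG": (True, True), "QUIET": (True, False)}

class Outcome(NamedTuple):
    allowed: bool
    logged: bool
    decided_by: str  # which setting produced the outcome

def parse_mode(text: str):
    """Split the value inside MODE(...) into (mode, norule, no$mode)."""
    parts = [p.strip().upper() for p in text.split(",")]
    if len(parts) == 1 and parts[0] in EFFECT:
        return parts[0], None, None
    if len(parts) == 3 and parts[0] == "RULE" and all(p in EFFECT for p in parts[1:]):
        return "RULE", parts[1], parts[2]
    raise ValueError(f"invalid MODE value: {text!r}")

def decide(mode_text: str, rule_set_exists: bool, rule_permits: bool,
           rule_set_mode: Optional[str] = None) -> Outcome:
    """Return the outcome for one request under the given MODE setting."""
    mode, norule, no_mode = parse_mode(mode_text)
    if mode == "QUIET":                       # rule validation disabled
        return Outcome(True, False, "MODE")
    if rule_set_exists and rule_permits:      # no violation occurred
        return Outcome(True, False, "rule")
    if mode != "RULE":                        # ABORT or LOG applies to every violation
        # Assumption: a missing rule set counts as a violation in ABORT as in LOG.
        return Outcome(*EFFECT[mode], "MODE")
    if not rule_set_exists:                   # RULE mode, no matching rule set
        return Outcome(*EFFECT[norule], "norule")
    if rule_set_mode is not None:             # $MODE present in the rule set
        return Outcome(*EFFECT[rule_set_mode.upper()], "$MODE")
    return Outcome(*EFFECT[no_mode], "no$mode")

if __name__ == "__main__":
    # Constructed inputs: Mary's SELECT on USER01.TESTDATA under MODE(RULE,LOG,ABORT).
    for exists, permits, rs_mode in [(False, False, None), (True, False, "LOG"),
                                     (True, False, None), (True, True, None)]:
        print(exists, permits, rs_mode, decide("RULE,LOG,ABORT", exists, permits, rs_mode))
```

Running the same request through a candidate setting such as MODE(RULE,LOG,LOG) and then MODE(RULE,ABORT,ABORT) shows which rule sets still lack a $MODE statement or a permitting rule before enforcement is tightened.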