You can use NEXTKEY to divide a particular resource rule set if it is very large.
For example, suppose a site has a DB2 table resource USER01.TESTTBL1, whose resource rule is too large to fit in a single rule record. You can divide the rule set into smaller rule sets using NEXTKEY as follows:
$KEY USER01.TESTTBL1 TYPE(TBL) SYSID(DB2P) UID(PAY) NEXTKEY(PAYTBL1) UID(AP) NEXTKEY(APTBL1) UID(FIN) NEXTKEY(FINTBL1)
In the previous rule set, the NEXTKEY parameter specifies the alternate rule sets to use in validating access to the specific resources. You can write smaller rule sets as follows:
$KEY(PAYTBL1) TYPE(TBL) SYSID(DB2P)
$PREFIX(USER01.TESTBL1) %CHANGE tpaydir UID(PAYCLK) SERVICE(SELECT) ALLOW UID(PAYMGR) SERVICE(ALL) ALLOW $KEY(FINTBL1) TYPE(TBL) SYSID(DB2P) $PREFIX(USER01.TESTTBL1) %RCHANGE tfindir UID(FINCLK) SERVICE(SELECT) ALLOW
The modified rule sets in the previous examples are smaller than the single rule set for the table.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|