A scope record in the Infostorage database defines the records and rules to which a user’s privileges are limited. Only the INF parameter of the scope record applies to users of CA ACF2 Option for DB2 information or DB2 resources, because the INF parameter affects the Infostorage database, where CA ACF2 Option for DB2 records and rules are stored. The DSN, UID, and LID parameters relate to other databases and do not affect CA ACF2 Option for DB2 information or users of DB2. An example of an INF value is DTBLTESTEMPL.PAY, which represents an CA ACF2 Option for DB2 table rule set that covers the EMPL.PAY table on the TEST DB2 subsystem. (See the section below to specify this parameter.) The security administrator associated with this scope record can access and update only this rule set in the Infostorage database.
Users are associated with a scope record through the SCPLIST field in their logonid records. During validation, CA ACF2 Option for DB2 checks a user’s SCPLIST logonid field. If a SCPLIST value is present, the user is considered restricted, regardless of whether the SCPLIST value is a valid scope record. That is, if the specified SCPLIST value does not point to a valid scope record in the Infostorage database, the user is restricted and has no scope of authority. If the value is a valid scope record, the user is restricted to the records and rules identified in the scope record.
A scope record can be up to 4K in the Infostorage database. To maximize storage, you can use masking characters in the INF parameter. These create scope records that apply to multiple records and multiple rule sets.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|