Using Reports › Understanding the ACFRPTEL Report › Why Do You Need this Information?
Why Do You Need this Information?
The ACFRPTEL report tells you each time a user adds, changes, or deletes a DB2 record or CA ACF2 Option for DB2 rule. Typically, you will use this report to verify the changes made to the Infostorage database records by a security administrator or another user designated by the %CHANGE or %RCHANGE control statement. Only these users can change CA ACF2 Option for DB2 rule sets or DB2 records. For example, you will want to know if any of the following has changed:
- The mode of a resource (xxxMODE field) or $MODE control statement (if in RULE mode). If the level of protection of a resource is changed, unauthorized accesses might not be logged or denied if someone changed the mode to QUIET or LOG.
- The Prevalidation or Postvalidation exit. If the name of one of these exits changes, you will want the change supported by change‑control procedures. Because exits can bypass CA ACF2 Option for DB2 processing, you will want to know what each exit is doing and if it is authorized.
- A rule set. Changes to rule sets indicate that users authorized to access the resource might have changed. You will want to review the rule set to ensure that these changes are appropriate.
Copyright © 2011 CA Technologies.
All rights reserved.
|
|