ACFRPTRV automatically reports all SMF records for access attempts that violate a rule or where no rule exists. It lets you identify unauthorized users to determine whether they should have access and to take corrective action if needed. For example, it creates an SMF record when a user attempts to use a resource that he is not authorized to use.
Note: CA ACF2 Option for DB2 validates accesses whenever DB2 validates them. In some cases, DB2 processing causes CA ACF2 Option for DB2 to report some unusual violations, such as:
If the creator’s view privileges are not greater than his table privileges, CA ACF2 Option for DB2 performs additional checks. These checks determine whether the view creator’s primary and secondary IDs can insert, update, or delete from the view and the table on which the view is being created. If any of the IDs can insert, update, or delete from the view but not from the base table, CA ACF2 Option for DB2 logs a violation against the table for each of the privileges not possessed and prevents the view’s creation.
See the next section, Logging Records for other information applicable to violation records.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|