These fields appear in the Cross‑Reference Report output:
Indicates the privileges granted to the logonid that is running the report. The output of the report is limited to the level of authority and scope given to this user.
Shows the scopes placed on the logonid running the report. If this user is a scoped security administrator, output is limited to the CA ACF2 Option for DB2 records within the user’s scope.
Lists the storage class (D) of CA ACF2 Option for DB2 rule sets.
Indicates the type of rule sets that the user wants to process.
Names the resource to be processed.
Indicates the DB2 subsystem or group SYSID that the CA ACF2 Option for DB2 rules apply to.
Indicates the infostorage record key where the rule set is stored. The infostorage record key is formatted as below.
The segments of the infostorage key for a DB2 resource are explained below.
The storage class can be C(for Control records) with a type code of DB2, or D(for CA ACF2 Option for DB2 rules) with a type code of one of the following:
|
Type Code |
Description |
|---|---|
|
BPL |
Buffer pool |
|
COL |
Collection |
|
CON |
Trusted context |
|
DBS |
Database |
|
FNC |
Function |
|
JAR |
JAR file |
|
PKG |
Package |
|
PLN |
Application plan |
|
PRC |
Stored procedure |
|
ROL |
Role |
|
SCH |
Schema |
|
SEQ |
Sequences |
|
STG |
Storage group |
|
SYS |
System privilege or utility |
|
TBL |
Table |
|
TSP |
Table space |
|
TYP |
Distinct type |
The name of the key consists of the four‑character DB2 subsystem ID followed by the $KEY of an CA ACF2 Option for DB2 rule set.
Identifies the date and time that this rule record was last changed. The format is MM/DD/YY, DD/MM/YY, or YY/MM/DD, based on the DATE option of the CA ACF2 Global System Option (GSO) OPTS record.
Tells you the logonid of the user who last changed (that is, stored) this rule record.
Indicates all of the control statements that are contained in the rule set. Possible entries for CA ACF2 Option for DB2 include %CHANGE, %RCHANGE, $MODE, $NOSORT, $LIDOWNER, $UIDOWNER, or $USERDATA. Users identified by the %CHANGE, %RCHANGE, $LIDOWNER, and $UIDOWNER control statements are listed in the Rule Record Summary portion of this report. The $MODE value is also listed on the CONTROLS line.
Lists the individual logonids that have access to the DB2 resource because of special CA ACF2 Option for DB2 privileges (NC or SE).
Lists the individual logonids that have access to the DB2 resources because they match the UID parameter in the rule entry (U or nothing after the logonid) or because they match the $UIDOWNER or $LIDOWNER control statements (O). The listing of individual logonids matching each rule entry is optional (see the LID|NOLID option in the CA ACF2 Reports and Utilities Guide for more information).
Specifies the reason code why CA ACF2 Option for DB2 permits this logonid to have access to this DB2 resource. If a code does not appear on the report, it means the user has access only as specified by that rule. Possible codes are:
O—Owner (user’s UID matches $LIDOWNER or $UIDOWNER control statement).
NC—Cannot be canceled (user has NON‑CNCL attribute in logonid).
SC—Scoped security administrator (user has SECURITY attribute and a matching SCPLIST value in logonid).
SE—Unrestricted security administrator (user has SECURITY attribute and no SCPLIST value in logonid).
U—UID match (user’s UID matches UID parameter in rule entry). This code is not listed if it is the only condition met.
Lists the matching rule entries as they appear in the rule record. Possible fields that could appear in an CA ACF2 Option for DB2 rule entry are
UID(uidmask) SHIFT(shift) SERVICE(keyword1,keyword2,...,keywordn) COLUMN(column1,column2,...,columnn) ACTIVE(date) UNTIL(date) FOR(date) DATA(text) ALLOW|LOG|PREVENT NEXTKEY(nextkey)
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|