To ease rule writing, CA ACF2 for VM normalizes LINK modes to READ or WRITE access. For example, link modes R and RR are READ accesses. W, WR, M, MR, MW are WRITE accesses. CA ACF2 for VM does not interfere with the VM LINK logic for link modes. If a user requests an R link and someone already has a link to the disk, VM denies the link. If you need to protect the individual link modes, we provide this protection through command limiting. For example, you could prevent all MW links with the following rule:
$KEY(LINK) - MW PREVENT
CA ACF2 for VM allows for separate READ and WRITE validations. WRITE does not imply READ. On the minidisk level, validations for read links (such as R, RR, and so on) are validated as READ, and write links (such as W, WR, MR, MW, and so on) are validated as WRITE. However, some write links can end up as R/O links (such as if another user has the disk linked R/W). Also, once a write link is allowed, CP establishes a R/W link. This means that CP (and CA ACF2 for VM) allow data to be both read and written at the minidisk level. File level security does allow for WRITE‑ONLY files in the constraints of the CMS operating system.
See the Command and Diagnose Limiting Guide for more information.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|