You can use masking when you write access rules with the full‑screen feature or the ACF command. The UID parameter, for example, can contain masks that let many users access specific data. This section contains information about masking that you should read to make rule writing easier.
In access rule entries, the User Identification string (UID) describes users. Contrary to popular use, the UID is not hierarchical in nature. However, many users use it this way, which can lead to masking difficulties because of the way CA ACF2 for VM sorts rule sets. You can use the UID in a hierarchical manner if you use caution when writing access rules. Construct the UID with the
most‑used field first, the second‑used next, and so on. Below is an example of a UID constructed hierarchically with UIDs mixed in a rule set:
UID(C) READ(A) EXEC(A) UID(*****TLCAMS) READ(A) EXEC(A) WRITE(A)
The sorting sequence is 1,2. With a mixed rule like this, if TLCAMS was a member of “C”, TLCAMS could not write to any of her files because CA ACF2 for VM would look at the rule number one first. You could change rule number two to UID(C****TLCAMS) to solve this. Then CA ACF2 for VM sorts it before the old rule number one.
To make rule writing easier, you can mask the UID. Standard CA ACF2 for VM masking characters are asterisks, imbedded blanks, and dashes.
When placed in the UID field in an access rule, asterisks indicate a one‑to‑one substitution of any character, including a blank. CA ACF2 for VM automatically pads out the UID to its maximum length (24 characters) for access rules. (The exception to this is the UID parameter in the SCPLIST field. See the “About the Loginid Record” chapter for more details.) For example, you can define your UID as ten positions. The following UID mask matches these UIDs:
|
Mask |
Matches |
|---|---|
|
UID(ABC) |
ABC |
You can insert one or more asterisks after ABC and the same translation occurs because CA ACF2 for VM pads out the UID to its maximum length.
|
Mask |
Matches |
|---|---|
|
UID(ABC*) |
ABC |
Asterisks in or at the beginning of the UID are substituted on a one‑to‑one basis for any character, including a blank. Only ending asterisks match a null. Imbedded or leading asterisks are positional and never match a null.
|
Mask |
Matches |
Does Not Match |
|---|---|---|
|
UID(ABC*23) |
ABC123 |
ABC23 |
|
UID(*ABC) |
1ABC |
ABC |
Blanks are treated as any other valid character and can appear in a UID. They can match only blanks and are not treated as masks.
|
Mask |
Matches |
Does Not Match |
|---|---|---|
|
UID(ABC 234) |
ABC 234 |
ABC1234 |
|
UID(ABC ) |
ABC 2 |
ABC1 |
To match, a blank must exist as the fourth character in these examples.
You can use a dash as a masking character if it is in the last position of the mask and is translated the same way as an asterisk.
Consider these three UID masks:
UID(ABC-) UID(ABC*) UID(ABC)
All three are translated to the same name. Again, CA ACF2 for VM pads out the UID to its maximum length.
CA ACF2 for VM always treats an imbedded dash or one that is a leading character in a mask as a literal dash.
|
Mask |
Matches |
Does Not Match |
|---|---|---|
|
UID(AB-CD) |
AB-CD |
ABCD |
|
UID(-ABC) |
-ABC |
1ABC |
In these cases, CA ACF2 for VM treats the dash as a character, not as a masking element.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|