Previous Topic: Adding OS/390 and VSE Access Rule Entry ListsNext Topic: Adding Rule Entries for OS/390 or VSE Data Sets

Maintaining Access Rules with the Full-Screen FeatureAdding Rule Entries for VM Data

Adding Rule Entries for VM Data

You see this screen if the rule set you selected on the previous screen (Add Access Rule Entry List) is a VM rule set. Use this screen to add access rules for VM minidisks or Shared Files System (SFS) files and directories.

 M9PA‑2126   Add Rule Entry For VM Data (2.1.2.6)        CA ACF2 for VM 
 COMMAND ===> _________________________________________________________
                                                             TIME 17:12
 Rulekey           ==> ________           Entry ___ of ___
 Minidisk Address  ==> _____        SFS Filepool ==> ________
 Filename/”VOLUME” ==> ________      Filetype    ==> ________
 SFS Directory     ==> _____________________________________________
             _____________________________________________
             ____________________________
 UID String         ==> ___________________  Source    ==> ________
 Shift              ==> ________             Nextkey   ==> ________
 Access valid until ==> ________   Access from program ==> ________
 
 Access (Allow/Log/Prevent):
                WRITE     ==> _______
                READ      ==> _______
                EXECUTE   ==> _______
 
 Data   ==> _______________________________________________________
 
 
PF1=Help       2=Print       3=Quit       4=Return      5=Execute   6=MVS<‑>VM
PF7=Backward   8=Forward     9=Director   10=           11=         12=Retrieve

Following is a brief description of the fields on this screen.

Rulekey

Specifies the key value of the rule set. For minidisk access rules, the rulekey is the same as the user ID specified in the VM directory entry that contains the minidisk. The rulekey specified can be up to eight characters long. You cannot mask this field.

Entry ___ of ___

Specifies the number of this rule entry and the total number of rule entries in the rule set.

Minidisk address

Specifies the address of the minidisk the rule applies to (for example, V0191) where

R

Specifies real DASD.

V

Specifies virtual address. This is the default.

Filepool

Specifies the Shared File System (SFS) filepool identifier this rule applies to.

SFS Directory

Specifies the Shared File System (SFS) directory identifier this rule applies to.

Filename/”VOLUME”

If the rule applies to a minidisk, enter VOLUME for the filename.

Filetype

Specifies the filetype of the file that this rule applies to.

UID string

Specifies the User Identification string of the user this rule entry applies to, or a pattern specifying the set of users that this rule should apply to. If you omit this field, the rule entry applies to all users (optional).

Source

Specifies an input source or source group name where this rule should apply. For example, you can specify the ID of a terminal. The access is allowed only if the user is logged onto that terminal. If you do not specify a source, any input source is valid. Ask your security administrator for a list of valid source group names.

Shift

Specifies the name of the shift record on the Infostorage database that applies to this rule entry. It defines valid days, dates, and times that this rule entry is in effect. If you do not specify this parameter, any access this rule indicates is appropriately allowed, logged, or prevented for all days, dates, and times (optional).

Nextkey

Specifies the rule ID of the next (or alternate) rule set that should be checked for this access. If access to this file or data set is denied based on the rule set environment and access permissions in the original rule, CA ACF2 for VM logonid proceeds to the rule specified in the NEXTKEY operand for further checking (optional).

Data

Indicates any character string (up to 64 characters) retained with the rule set and formatted when the rule set is decompiled. Your site might have standards for formatting this string. Standard CA ACF2 for VM logonid does not use values in the string, but they can be meaningful in your local implementation of CA ACF2 for VM through special program exit checking (optional).

Access valid until

Indicates the last date that this rule entry is valid. Valid input is in the Gregorian date form (mm/dd/yy, dd/mm/yy, or yy/mm/dd), depending on the DATE parameter of the OPTS VMO record (optional).

Access from Program

Specifies the program name that accesses the file or volume.

Access: (ALLOW|LOG|PREVENT)

Specifies the type of access that applies to this user. Valid options are ALLOW (allow the access to the file or volume), LOG (allow the access, but record the event), and PREVENT (do not allow the access). PREVENT is the default.

You can allow, log, or prevent users from having these types of access: WRITE (if allowed, the user can write to the file), READ (if allowed, the user can read the file), and EXECUTE (the user can execute the file).

You can mix the access permissions (ALLOW|LOG|PREVENT) with the access types (WRITE|READ|EXECUTE). For example, you can let a user read and execute a file, but not write to it. Do this by specifying:

WRITE==> P
READ ==> A
EXECUTE==> A

READ also implies EXECUTE.