Previous Topic: Changing OS/390 and VSE Access Rule Entry ListsNext Topic: Changing OS/390 or VSE Data Sets

Maintaining Access Rules with the Full-Screen FeatureChanging a VM Minidisk Rule Entry

Changing a VM Minidisk Rule Entry

This screen lets you change the VM rule set you selected on the Change Access Rule Entry List screen. To change any of the following information, type over the old value. If the new value is shorter than the old value, erase the rest of the field.

 M9PA‑2326  Change Rule Entry For VM Data (2.3.2.6)     CA ACF2 for VM
 COMMAND ===> ________________________________________________________
                                                            TIME 17:12
 Rulekey              : ________          Entry ___ of ___
 Minidisk Address   ==> _____           SFS Filepool ==> ________
 Filename/”VOLUME”  ==> ________          Filetype   ==> ________
 SFS Directory      ==> ____________________________________________
                   _________________________________________________
                   _________________________________________________
 UID String         ==> _________________   Source    ==> ________
 Shift              ==> ________            Nextkey   ==> ________
 Access valid until ==> ________  Access from program ==> ________
 
 Access (Allow/Log/Prevent):
                WRITE     ==> _______
                READ      ==> _______
                EXECUTE   ==> _______
 
 Data   ==> _______________________________________________________
 
 
PF1=Help       2=Print       3=Quit       4=Return      5=Execute   6=MVS<‑>
PF7=Backward   8=Forward     9=Director   10=           11=         12=Retrieve
Rulekey

Specifies the key value of the rule set. The rulekey you specify can be up to eight characters long. You cannot mask this field.

Entry ___ of ___

Specifies the number of this rule entry and the total number of rule entries in this rule set.

Minidisk address

Specifies the address of the minidisk the rule applies to (for example, V0191) where:

R

Specifies real DASD

V

Specifies virtual address. This is the default.

Filepool

Specifies the Shared File System (SFS) filepool identifier this rule applies to.

Filename/”VOLUME”

Specifies the filename of the file this rule applies to. If the rule applies to a minidisk, VOLUME is the filename.

Filetype

Specifies the filetype of the file this rule applies to.

SFS Directory

Specifies the Shared File System (SFS) directory identifier this rule applies to.

UID

Specifies the User Identification string of the user that this rule entry applies to.

Source

Specifies an input source or source group name where this rule should apply. For example, you can specify the ID of a terminal. The access is allowed only if the user logs onto the specific terminal. If you do not specify a source, any input source is valid. Ask your security administrator for a list of valid source group names (optional).

Shift

Specifies the name of the shift record on the Infostorage database that applies to this rule entry. It defines valid days, dates, and times that this rule entry is in effect. If you do not specify this parameter, any access the rule indicates is appropriately allowed, logged, or prevented for all days, dates, and times.

Nextkey

Specifies the rule ID of the next rule set that CA ACF2 for VM logonid checks for access. If access to this file or data set is denied based on the rule set environment and access permissions in the original rule, CA ACF2 for VM logonid proceeds to the rule set specified in the NEXTKEY operand for further checking (optional).

Data

Enter up to 64 characters in this field to be retained with the rule set and formatted when the rule set is decompiled. Your site might have standards about the format of this field. Standard CA ACF2 for VM logonid does not use values in the field, but they can be meaningful in your local implementation of CA ACF2 for VM through special program exit checking (optional).

Access valid until

Specifies the last date that this rule entry is valid. Valid input is in the Gregorian date format (mm/dd/yy, dd/mm/yy, or yy/mm/dd), depending upon the DATE parameter of the OPTS VMO record (optional).

Access from Program

Specifies the program name that accesses the file or volume.

Access: (ALLOW|LOG|PREVENT)

Specifies the type of access to apply to this user. Valid options are ALLOW (allow the access of the file or volume), LOG (allow the access, but record the event), and PREVENT (do not allow the access). PREVENT is the default.

You can allow, log, or prevent users from having the following types of access: WRITE (if allowed, the user can write to the file), READ (if allowed, the user can read the file), and EXECUTE (the user can execute the file).

You can mix the access permissions (ALLOW|LOG|PREVENT) with the access types (WRITE|READ|EXECUTE). For example, you can let a user read and execute a file, but not write to it. This is accomplished by specifying:

WRITE :P
READ :A
EXECUTE :A

READ also implies EXECUTE.