Minidisk and CMS File Access Rules

CA ACF2 for VM protects VM minidisks, CMS files, and SFS files. Access rules for minidisks and files determine who can access them and what access privileges (read, write, or execute) they are allowed.

For each VM user, there is a VM directory entry and a CA ACF2 for VM logonid record. In the VM directory entry, most users are assigned minidisks that they own. There is one MDISK entry for each minidisk the user owns. Typically, users access their own minidisks and files frequently. To avoid unnecessary validations, CA ACF2 for VM always lets users access their own minidisks and files. The PREFIX field in the logonid record defines ownership.

Users can issue LINK commands to access minidisks they do not own. The LINK command names the user that owns the minidisk and its virtual address. For example, TLCPJM might issue the following command:

LINK TLCAMS 0191 0291 RR readpswd
ACC 0291 B

The LINK and ACCESS commands let TLCPJM read (RR) the TLCAMS 0191 minidisk at virtual address 0291. Users can also issue the ACCESS command to access SFS directories they do not own. The ACCESS command names the filepool, the directory owner ID, and the directory name. For example:

ACCESS APPLDEV:TLCAMS.PROJDATA B

You can issue these LINK and access commands

After a user LINKs to another user's minidisk, CA ACF2 for VM validates access to the files on the minidisk if CMS security is turned on. This provides two levels of validation, LINK and file. For example, to let a user LINK to one of your minidisks, you must write a rule using your logonid as the $KEY in the rule set. Then you can write additional rule entries to define exactly which CMS files the user can access.

The only exception is that access to an S‑mode minidisk automatically allows execution of any module on that minidisk.

If SFS security is installed, CA ACF2 for VM always validates access to individual files in a directory.
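
The minidisk LINK and CMS file checks described above can be modeled as a short decision procedure. This Python sketch is an added illustration, not CA ACF2 for VM code or rule syntax. The data structures, the deny-when-no-rule-matches behaviour, treating PREFIX as an exact match on the owner ID, the MODULE filetype test, and the file names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class RuleSet:                      # everything stored under one $KEY (owner logonid)
    link: dict = field(default_factory=dict)   # (vaddr, user) -> allowed LINK modes
    files: dict = field(default_factory=dict)  # (vaddr, fn, ft, user) -> allowed access

@dataclass
class Model:
    prefixes: dict                  # logonid -> PREFIX field value
    rules: dict                     # $KEY -> RuleSet
    cms_security: bool = True       # is file-level validation turned on?

    def owns(self, user, owner):
        # Simplification: ownership is an exact PREFIX match on the owner ID.
        return self.prefixes.get(user) == owner

    def link_allowed(self, user, owner, vaddr, mode):
        """First level: may `user` LINK to owner's minidisk in this mode?"""
        if self.owns(user, owner):
            return True             # owners are never validated
        rs = self.rules.get(owner, RuleSet())
        # Assumption: a request with no matching rule entry is denied.
        return mode in rs.link.get((vaddr, user), set())

    def file_allowed(self, user, owner, vaddr, fn, ft, access, filemode):
        """Second level: call only after link_allowed() has succeeded."""
        if self.owns(user, owner) or not self.cms_security:
            return True             # no file-level validation in these cases
        if filemode == "S" and access == "exec" and ft == "MODULE":
            return True             # S-mode exception: any module may be executed
        rs = self.rules.get(owner, RuleSet())
        return access in rs.files.get((vaddr, fn, ft, user), set())

# Constructed sample data, reusing the logonids from the text.
MODEL = Model(
    prefixes={"TLCPJM": "TLCPJM", "TLCAMS": "TLCAMS"},
    rules={"TLCAMS": RuleSet(
        link={("0191", "TLCPJM"): {"RR"}},
        files={("0191", "STATUS", "REPORT", "TLCPJM"): {"read"}})},
)

if __name__ == "__main__":
    print(MODEL.link_allowed("TLCPJM", "TLCAMS", "0191", "RR"))
    print(MODEL.file_allowed("TLCPJM", "TLCAMS", "0191", "PAYROLL", "DATA", "read", "B"))
```

When reviewing rule sets, the two paths that return before any rule is consulted (owner access and S-mode module execution) are the ones to account for separately, because no rule entry governs them.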