After you write a rule allowing a user to access a directory, you must also write a rule allowing him to open the files in that directory. Unlike native SFS security where DIRCONTROL directories provide no individual file level security, CA ACF2 for VM SFS security protects individual files in both File Control and DIRCONTROL directories.
Suppose TLCPJM needs to read TLCAMS' file called MY DATA in the UNITEDSTATES.ILLINOIS.CHICAGO directory. That directory resides in the APPLDATA filepool, so the following rule is required:
$KEY(TLCAMS) / FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) READ(A) MY.DATA FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) READ(A)
In the above example, we have included the directory access rule and the file access rule because both are required. If you wanted to write a single rule that would authorize TLCPJM to read all the files in this directory and also authorize read access for the directory itself, you could write a rule like this one:
$KEY(TLCAMS) - FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) READ(A)
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|