VM lets a particular type of directory, called a DIRCONTROL directory, be loaded into a dataspace. This loading makes the files in this directory memory resident and any user with access to the directory can directly read it.
After a user accesses a directory that is loaded into a dataspace, the Shared File System (SFS) server and CA ACF2 for VM do not intervene for read access to the files in the directory. Files opened for input bypass all security. However, CA ACF2 for VM does continue to perform write validations for any files opened for output.
Because of this restriction, it is very important for you to carefully select directories for loading into a dataspace that have no CA ACF2 for VM rules designed to selectively limit read access to individual files in the directory.
To facilitate centralized control over both file access rules and over the loading of directories into dataspaces, you should limit DATASPACE command use. See the Command and Diagnose Limiting Guide for more information on command limiting.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|