CA ACF2 for VM also validates accesses made to a minidisk through the CMS FORMAT command and the ACCESS command with the ERASE option. Normally, only the owner of a minidisk can use the FORMAT or ACCESS with ERASE commands. CA ACF2 for VM can enforce this standard through access rules.
When a user issues a FORMAT command or an ACCESS command with the ERASE option, CA ACF2 for VM allows access if the user is the owner of the minidisk or the user has authorized write access to the minidisk.
Also, you can write access rules that allow write access to a minidisk while also preventing the use of FORMAT and ACCESS with ERASE. Use the PGM(FORMAT) parameter in an explicit prevent rule.
$KEY(PAYROLL) V0191.‑ UID(ABCPAYTLCAMS) READ(A) WRITE(A) EXECUTE(A) V0191.‑ UID(ABCPAY) WRITE(P) PGM(FORMAT) V0191.‑ UID(ABCPAY) READ(A) WRITE(A) EXECUTE(A)
The first rule entry lets user ABCPAYTLCAMS read, write, and execute the PAYROLL minidisk. This user can also use the FORMAT command. The second rule entry prevents other users with UIDs beginning with PAY from executing the FORMAT command on that minidisk. The third rule entry lets those users read, write, and execute the minidisk.
After an access rule is compiled (and sorted), the format rule must appear first, before any rule that allows the user write access to the minidisk.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|