If you built a resident type list (or directory) for the resource type code through the TYPES field of the RESTYPE VMO record or the ACFSERVE RELOAD RESOURCE command, you can mask the resource name in the $KEY value.
A mask for a resource rule name follows the conventions of logonid masking, except that you cannot use a dash (-) as a masking character. (See the “About the Logonid Record” chapter for information about logonid masking.) The asterisk is the only character that you can use for resource masking. A resource name mask can contain a dash imbedded between other characters because dashes are treated literally as characters and not a mask. With masking, you can write a resource rule set for a group of resources and still write a unique rule set for a single resource in that group. For example, $KEY(G*******) applies to all resources of a given type code whose names are from one‑to eight‑ characters and begin with G. $KEY(GET) applies specifically to the resource GET. When validating access to this resource, CA ACF2 for VM first checks the resource rule with the $KEY value GET (versus G*******), because GET is a more specific resource name and CA ACF2 for VM always sorts rules from most‑specific to most‑general.
Masking is especially useful when you want to create your own resource types. You can standardize the names of resources of a certain type so certain names fit a particular mask, letting one rule set control access to those resources. Masking a resource name in a resource rule follows the conventions of UID masking in access rules, (see the “About Access Rules” chapter for more information.) except that you cannot use a dash (-) as a masking character.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|