Most products ask for access recommendations that are defined in
CA ACF2 for VM rules. Users can request accesses that CA ACF2 for VM validates against access rules or resource rules. In most cases, CAISSF requests are against resource rules. The name of the resource is in the following form:
PRODUCT NAME.CLASS.FUNCTION.OPERAND
For example, a CA‑Director ADMIN function of ADDGROUP might have the resource name DIRECTOR.ADMIN.ADDGROUP, which you would specify as the $KEY value of a resource rule.
With CA ACF2 for VM, you can control the level of rule writing. That is, you can determine how general or how specific you want a rule to be. To do this, mask the name of the resource. For example, you could specify one resource rule to protect all CA‑Director ADMIN functions with a $KEY of DIRECTOR.ADMIN.********.
With masking, you can write as many or as few rules as you want. Continuing with the above example, you could mask all CA‑Director ADMIN functions in one rule, DIRECTOR.ADMIN.******** and have a specific rule that controls
CA Director DIRGEN functions with a rule like DIRECTOR.ADMIN.DIRGEN. You could also protect all CA Director functions in one rule: CA‑Director.****************.
If you mask any rule keys, you must have a resource directory for the resource type. Resource directories are explained in the topic RESTYPE Record-Resident Type List Support in the chapter “Defining Structured Infostorage Records” in this guide. Issue the ACF SHOW STATE subcommand to determine the active resource directories.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|