To get to this screen, press Enter after you have completed the Add Resource Rule Entry (3.1.2.1) screen. Use this screen to grant the necessary authority to users so that they can make future maintenance changes to specified rule sets.
M9PA‑3130 Add Ruleset %Change Information (3.1.3) CA ACF2 for VM COMMAND ===> ___________________________________________________________ TIME 12:46 Resource type ==> ___ Rulekey ==> ___________________________________ UIDs allowed to change full ruleset (%CHANGE): Entry 1 of 0 ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ UIDs allowed to change rule entries only (%RCHANGE): Entry 1 of 0 ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ ==> ________________________ PF1=Help 2=Print 3=Quit 4=Return 5=Execute 6= PF7=Backward 8=Forward 9= 10=Previous 11=Next 12=Ret
Specifies the three‑character type code that defines the type of resource this rule set protects.
Specifies the $KEY value of the rule set. The $KEY control statement supplies the name of the resource that this rule was written for. A resource rule name can represent many different objects, depending on the resource TYPE.
CA ACF2 for VM‑defined type codes are ACT, ALG, GRP DIA, IUC, and VMC. For more information on these type codes, see the “About Resource Rules” chapter. For example, for DIA, the $KEY rule ID is the ID of a user in the VM directory that another user wants to dial to. For ACT, the $KEY rule ID is an eight‑character account code that you define. The rule ID can be up to 40 characters long. However, for most CA ACF2 for VM‑defined resource types, only the first eight characters are significant. You can mask this field with standard CA ACF2 for VM masking characters.
Specifies the UIDs of users with full change authority. These users can make changes to the rule set. This control statement indicates who can replace a particular set of rules. A security administrator can compile a rule set with only $KEY and %CHANGE control statements and establish a base rule set to distribute rule writing permissions (optional).
Do not specify a dash (-) as a masking character at the end of a %CHANGE UID mask as CA ACF2 for VM interprets it as a continuation character. There is no need to specify this dash because all UID values are padded out to their full length.
Specifies the UIDs of users who have limited change authority. These users can create rule entries, but cannot delegate the same authority to anyone else. The designated users cannot change control statements. They cannot further delegate change authority or delete the rule set. If the same user matches entries in both %CHANGE and %RCHANGE, the higher authority (%CHANGE) is in effect for that user (optional).
Specifies the %CHANGE UIDs listed first for this screen and the total number of %CHANGE entries found.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|