You see this screen if you entered an S to select a specific rule entry from the previous screen, Display Resource Rule Entry List (3.2.2). This screen displays more detailed information about the rule you selected.
M9PA‑3221 Display Resource Rule Entry (3.2.2.1) CA ACF2 for VM COMMAND ===> ___________________________________________________________ TIME 14:30 Resource type : ___ Entry 1 of 1 Rulekey : ________________________________________ rsrcmask : __________________________________________________________ ______________________________________________________________ ______________________________________________________________ ______________________________________________________________ UID String : ________________________ Nextkey : ________ Access valid until : ________ Source : ________ Days access valid : ________ Shift : ________ Reccheck : ________________________ Access : _______ SERVICE request types: Read : _ Add : _ Update : _ Delete : _ Verify : _ Data : __________________________________________________________ PF1=Help 2=Print 3=Quit 4=Return 5= 6= PF7=Backward 8=Forward 9= 10= 11= 12=Ret
Specifies the three‑character type code that defines the type of resource this rule set protects.
Specifies the $KEY of the resource rule set.
Specifies additional qualifiers in the resource name. You must specify the
first‑level qualifiers in the rulekey if you want to specify additional qualifiers for the rsrcmask parameter. CA ACF2 for VM places a period between the first and second level qualifiers.
You must specify rsrcmask as the first parameter in the rule entry. A resource name can be up to 256 characters, including the characters specified in the rulekey. You can use the dash masking character (just as in access rules) to represent any number of characters up to the 256 character limit.
See the Access Rule Masking section in the “About Access Rules” chapter for more details on masking.
You cannot enclose the value you supply for rsrcmask in single quotes.
Specifies the key of an alternate rule set that CA ACF2 for VM should check if access to this resource is denied based on this rule set. The NEXTKEY parameter functions the same in resource rules as it does in access rules. For more information, see the Using NEXTKEY section in the “About Access Rules” chapter.
Specifies the User Identification string of the user (or set of users) that this rule entry applies to. If you omit this field, the rule applies to all users (optional).
Specifies an input source or source group name where this rule should apply. For example, you can specify the ID of a terminal. The access is allowed only if the user logs onto the specific terminal. If you do not specify a source, any input source is valid. Ask your security administrator for a list of valid source group names (optional).
Specifies the name of the shift record on the Infostorage database that applies to this rule entry. It defines valid days, dates, and times that this rule entry is in effect. If you do not specify this parameter, any access this rule indicates is appropriately allowed, logged, or prevented for all days, dates, and times.
Specifies the last date that this rule entry is valid. Valid input is in the Gregorian date format (mm/dd/yy, dd/mm/yy, or yy/mm/dd), depending upon the DATE parameter of the OPTS VMO record (optional).
Specifies the number of days that this rule is considered valid, starting from the day that the rule set was compiled. The minimum number that you can specify is zero (today's date), and the maximum number is 365 (optional).
Used in MVS record‑level protection. Specifies the name of an EXPRESSN record you want CA ACF2 for VM to use for this validation. The EXPRESSN record defines a Boolean expression that CA ACF2 for VM evaluates to determine whether a user can access a record based on the contents of a field. For more information about EXPRESSN records and record‑level protection, rever to the CA ACF2 for VM for OS/390 Administrator Guide.
You cannot maintain EXPRESSN records from CA ACF2 for VM.
Specifies the type of access to give to this user. Valid options are ALLOW (allow access to the resource), LOG (allow access, but record the action), and PREVENT (do not allow access). PREVENT is the default.
Specifies the type of access associated with the request. If you have defined local resources at your site, you must complete this field. CA ACF2 for VM‑defined resources do not use this field.
In the SERVICE request types field, enter a single character response following each service permission. For example, to allow TLCAMS read access to a specific volume, but prevent all other permissions, enter a Y after the ==> in the Read field of the SERVICE request types field like this:
SERVICE request types: Read ==> Y Add ==> N Update ==> N Delete ==> N
Requests password validation for any access attempts made under this rule. This field is valid only for site‑defined resource rules.
Enter up to 64 characters in this comment field. This field is kept with the rule entry and displayed when you decompile the rule. This data can indicate further checking or contain some control information.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|