Previous Topic: Changing Resource Rule EntriesNext Topic: Deleting a Resource Rule

Maintaining Resource Rules with the Full-Screen FeatureChanging Resource Rule Set %CHANGE Information

Changing Resource Rule Set %CHANGE Information

This screen lets you change the users who can modify specified rule sets. To remove users, erase their UIDs from this list.

 M9PA‑3330   Change Ruleset %Change Information (3.3.3)    CA ACF2 for VM 
 COMMAND ===> ___________________________________________________________
                                                               TIME 14:31
 Resource type ==> ___  Rulekey ==> ___________________________________
 
 UIDs allowed to change full ruleset (%CHANGE):      Entry 1  of 0
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 
 UIDs allowed to change rule entries only (%RCHANGE):   Entry 1  of 0
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 ==> ________________________  ==> ________________________
 
 
PF1=Help         2=Print       3=Quit     4=Return        5=Execute  6=
PF7=Backward     8=Forward     9=         10=Previous     11=Next    12=Ret
Resource type

Specifies the three‑character type code that defines the type of resource this rule set protects.

Rulekey

Specifies the $KEY value of the rule set. The $KEY control statement supplies the name of the resource that this rule was written for. A resource rule name can represent many different objects, depending on the resource TYPE.
CA ACF2 for VM‑defined type codes are ACT, ALG, GRP, DIA, IUC, and VMC. For more information on these type codes, see the “About Resource Rules” chapter. For example, for DIA, the $KEY rule ID is the ID of a user in the VM directory that another user wants to dial to. For ACT, the $KEY rule ID is an eight‑character account code that you define. The rule ID can be up to 40 characters long. However, for most CA ACF2 for VM‑defined resource types, only the first eight characters are significant. You can mask this field with standard CA ACF2 for VM masking characters.

UIDs allowed to change full ruleset (%CHANGE)

Specifies the UIDs of users with full change authority. These users can make any and all changes to the specified rule set. This control statement indicates who can replace a particular set of rules. A security administrator can compile a rule set with only $KEY and $CHANGE control statements and establish a base rule set to distribute rule writing permissions (optional). Do not specify a dash (-) as a masking character at the end of a %CHANGE UID mask as CA ACF2 for VM interprets it as a continuation character. There is no need to specify this dash because all UID values are padded out to their full length.

%RCHANGE uidmask1,uidmask2,...,uidmaskn

Specifies who has restricted CHANGE authority over the rule set. The designated users can change individual rule entries, but not control statements. They cannot delegate change authority or delete the rule set. If the same user matches entries in %CHANGE and %RCHANGE, %CHANGE takes effect (optional).

Entry ___ of ___

Specifies the number of this rule entry and the total number of rule entries in this rule set.