The TEST subcommand interactively tests a compiled resource rule set. Use it to determine whether a resource rule validates the access to the resource that you want. While the TEST subcommand is active, only resource rule interpretation is done: testing does not consider any site‑specific system options, the attributes of the logonids being tested, or any exits that you have developed. The TEST subcommand is simplified in this way because it is unlikely that all possible exit combinations could be tested.
The syntax for the TEST subcommand is:
TEST { * }
{ resource }
Indicates that you want to test the previously compiled resource rule set.
Operates the same as when you specify an asterisk.
Identifies the resource rule that you want to test.
After you issue the TEST subcommand and any of its parameters, the TEST subcommand is active. You can specify a test access environment by entering any of the following keywords with the appropriate values. You must separate each keyword by blank characters. You can specify keywords on one or more input lines.
Specifies the access date. This date can be in the format mm/dd/yy, dd/mm/yy, or yy/mm/dd. The appropriate format is specified in the DATE field of the VMO OPTS record. The TEST subcommand uses today's date as the default.
Specifies the logonid used to obtain the user ID. You must have access to the specified logonid record.
Specifies the resource name that you want to test access for. CA ACF2 for VM places the $KEY value before the RSRC value unless you place the RSRC value in single quotes. CA ACF2 for VM does not use RSRCNAME when validating VM accesses. You can use this keyword to test OS/390 resource rule entries or accesses that site‑written routines support.
Specifies the type of access to test. This access type can be ADD, DELETE, READ, or UPDATE. Separate multiple access types by blank characters or commas. If you do not specify the SERVICE keyword, the TEST subcommand tests for combined ADD, DELETE, READ, and UPDATE authority.
Specifies the logical name of the input source or source group.
Specifies the time in hours (hh) and minutes (mm). This keyword is used to test a SHIFT specified in a rule entry.
Specifies a mask of the UIDs you want to test and identifies the users whose access you want to test. You do not need access to the logonid records of the users whose access you want to test.
An example of how to use the TEST subcommand is shown below.
RESOURCE
COMPILE
ACFCMP510I ACF compiler entered
$KEY(ABCD) TYPE(123)
UID(*****TLCAMS) ALLOW
UID(*****TLCPJM) UNTIL(11/25/99) ALLOW
ACFCMP551I Total record length=184 bytes ‑ 4 percent utilized
When the period (.) is displayed, the TEST subcommand is active. You can enter any of the TEST subcommand keywords to specify the particular environment that you want to test. The keyword UID, for example, tests whether a resource rule set allows a certain user to access a resource. In the next screen example, we are testing the previously compiled resource rule set for the resource name ABCD to see if user TLCAMS can access this resource.
RESOURCE
TEST *
. UID(*****TLCAMS)
The following parameters are in effect:
Date=11/11/97, time=1904, UID=*****TLCAMS, source=********
Access would be ALLOWED
.
The following parameters are in effect:
Date=11/11/97, time=1904, UID=*****TLCAMS, source=********
Access would be ALLOWED
. end
RESOURCE
The system displays all of the current values of the environment being tested. At the bottom of the display is a message indicating whether access to the resource is allowed, logged, or prevented. From the previously compiled rule set, user TLCAMS is allowed access to resource ABCD.
After a result is displayed, you can make another entry of keywords and values to specify another environment for testing. After you enter TEST command keywords, the values you specify remain in effect until you change them. Furthermore, as shown in the previous example, CA ACF2 for VM assumes that nearly all values we did not specify are completely masked by default. For instance, if you specify no UID keyword, the subcommand tests whether all UIDs are allowed access. To terminate the TEST subcommand, enter:
END
The results of the TEST subcommand show whether access to the resource is allowed, logged, or prevented, as follows:
Access is allowed
Access is allowed, but logged
Access is prevented
If no rule entry specifically applies to the test access environment, CA ACF2 for VM displays the following message:
ACFpgm74CI No rule applies, access would be denied
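How the UID and DATE test keywords change the outcome for the rule set compiled above, as a simplified Python model added here (not CA ACF2 code and not its actual matching algorithm). It assumes mm/dd/yy dates, that `*` matches exactly one character, that UNTIL is inclusive, and that entries are checked in the order written; the UID strings and the names `mask_match`, `evaluate` and `matrix` are constructed for illustration.

```python
from datetime import datetime

FMT = "%m/%d/%y"  # assumption: DATE field of the VMO OPTS record is mm/dd/yy

# Rule entries copied from the compiled rule set on this page
# ($KEY(ABCD) TYPE(123)). Only ALLOW entries are modeled.
RULES = [
    ("*****TLCAMS", None),        # UID(*****TLCAMS) ALLOW
    ("*****TLCPJM", "11/25/99"),  # UID(*****TLCPJM) UNTIL(11/25/99) ALLOW
]

ALLOWED = "Access would be ALLOWED"
NO_RULE = "No rule applies, access would be denied"


def mask_match(mask, uid):
    """Assumption: '*' stands for exactly one character, and UID positions
    beyond the end of the mask are unconstrained."""
    if len(uid) < len(mask):
        return False
    return all(m == "*" or m == c for m, c in zip(mask, uid))


def evaluate(uid, date, rules=RULES):
    """Return the message for the first entry that applies to this UID on
    this access date, or the no-rule message (default deny)."""
    when = datetime.strptime(date, FMT)
    for mask, until in rules:
        if not mask_match(mask, uid):
            continue
        # Assumption: the entry still applies on the UNTIL date itself.
        if until and when > datetime.strptime(until, FMT):
            continue
        return ALLOWED
    return NO_RULE


def matrix(uids, dates, rules=RULES):
    """Evaluate every UID on every date, e.g. to review a rule set
    around an UNTIL boundary before storing it."""
    return {(u, d): evaluate(u, d, rules) for u in uids for d in dates}


if __name__ == "__main__":
    # Constructed UID strings: five arbitrary characters, then the user ID.
    uids = ["XXXXXTLCAMS", "XXXXXTLCPJM", "XXXXXTLCXYZ"]
    for (uid, date), msg in matrix(uids, ["11/11/97", "11/26/99"]).items():
        print(f"UID={uid} Date={date}: {msg}")
```

The run shows TLCPJM allowed on 11/11/97 but falling through to the no-rule denial the day after the UNTIL date, which is the case the DATE keyword exists to test.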
Copyright © 2009 CA Technologies.
All rights reserved.