When you use CA ACF2 for VM account resource rules, you can use the account operand and SET ACCOUNT command to dynamically impact account validation. For example:
An optional operand of the LOGON and AUTOLOG CP commands. You can issue it during system entry to assign a virtual machine an account number (up to eight characters) that is not its default value. This alternative account number is temporary. CA ACF2 for VM recognizes it only for the duration of the session, or until you issue the SET ACCOUNT command. CA ACF2 for VM checks the account number against an account resource rule that must allow the assignment for system entry.
A CP command that changes the account number (up to eight characters) of a virtual machine. This new account number is temporary. CA ACF2 for VM recognizes it only for the duration of the session (unless you issue the SET ACCOUNT command again with another account number). CA ACF2 for VM checks the account number against an account resource rule that allows the change.
Account resource rule validation is entirely optional with CA ACF2 for VM. It is enforced with an account mode setting of FULL (validation for all virtual machines) or LID (validation only for designated virtual machines). The
CA ACF2 for VM access mode setting and CA ACF2 for VM SECURITY privilege level have no bearing on the account resource rule validation process. An account rule validation occurs in the following way:
Whenever a logging or invalid access occurs from account resource rule validation, CA ACF2 for VM records it in the Resource Event Log (ACFRPTRV).
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|