Resource rule account validation takes place under the appropriate settings (FULL or LID). Specifically, if you execute:
The account number that is validated as the rule set $KEY value depends on the scenario. There are three possibilities:
During system entry, CA ACF2 for VM automatically selects the user default account number (in his VMACCT logonid field) to undergo account resource rule validation. This occurs by default (whenever you issue the LOGON or AUTOLOG commands without the ACCOUNT operand).
During system entry, you specify an account number other than the default value to undergo account resource rule validation. Use the ACCOUNT operand of the LOGON or AUTOLOG commands.
During the machine's session, you specify any account number to undergo account resource rule validation. Use the SET ACCOUNT command for this purpose.
For example, assume that the TLCAMS virtual machine has the value ACT001 in its VMACCT logonid field. During system entry for TLCAMS, CA ACF2 for VM selects this number by default (Scenario 1). It then validates this account number against an ACCOUNT resource rule with the same $KEY value. For the validation to succeed, a rule set similar to the following is needed:
$KEY(ACT001) TYPE(ACT) UID(TLCAMS) ALLOW
Assume that another rule set lets TLCAMS issue another account number, ACT002, for example:
$KEY(ACT002) TYPE(ACT) UID(TLCAMS) ALLOW
During system entry, this number is assigned to the TLCAMS virtual machine if you specify it through the ACCOUNT operand of the LOGON or AUTOLOG command (Scenario 2). Or, during the session of TLCAMS, the user could change this number through the SET ACCOUNT command (Scenario 3). In both of these situations, the account number ACT002 is temporary. CA ACF2 for VM recognizes it as TLCAMS's account for the duration of the session.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|