You should keep in mind the following information about VM account support through CA ACF2 for VM when creating account resource rules:
The ACCOUNT field of the RESTYPE VMO record lets you mask the account numbers in the $KEY. This macro must contain the same value specified in the ACT operand of the TYPES field of the RESTYPE VMO record for masking to occur. The default TYPES field of the RESTYPE VMO record includes type code ACT.
During system IPL, the system operator and any user ID specified in the AUTOLOG operand list of the VMXAOPTS macro (in HCPAC0) bypass CA ACF2 for VM account validation. However, when the ACF2 service machine startup completes, CA ACF2 for VM validates and initializes the account numbers of all users already on the system. Any user accessing the system with an unauthorized or invalid account number is automatically forced off.
Any user ID with the VMD4TARG logonid privilege bypasses account validation when logging on.
With CA ACF2 for VM, you can command limit the LOGON command. Preventing or logging the ACCOUNT operand of the LOGON command depends on the CA ACF2 for VM account mode setting:
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|