In storage class “E,” there are two different type codes: SRC (for source records) and SGP (for source group records).
The source entry records identify the individual input sources for CA ACF2 for VM validation. This record translates a physical input source to a logical input source name. For example, you can translate a terminal, GRAF0494, to a logical source, ROOM001. When listed, this source entry record looks like this:
TYPE: SRC ENTRY: GRAF0494 1 DATA ITEM ROOM001
In the above example, the type code SRC identifies this record as an input source record. GRAF0494 is the name of the entry record, and also the physical name that identifies a terminal. The data item, ROOM001, defines a logical name for the terminal. The user has chosen this logical name because it is more meaningful than the name GRAF0494. CA ACF2 for VM expects only one logical source for each source entry record. If you specify more than one, CA ACF2 for VM ignores the others.
You must put the logical name of the input source in the logonid record to protect sources using the SRC type code.
The source group entry records identify groups of input sources for CA ACF2 for VM validation. A source group can contain physical or logical input source names and logical records that are themselves groups of sources. The source group name is a logical name that maps many input sources to a specific source group. Source groups let you write rules for groups of sources rather than each individual input source. For example, you can define the PAYROLL department as a source group and specify various input sources, GRAF0480, GRAF0481, and GRAF0482, in that group. (You can also use a logical name, like ROOM001, that was defined in a SRC entry in the source group.) When listed, this source group entry record looks like this:
TYPE: SGP ENTRY: PAYROLL 3 DATA ITEMS GRAF0480 GRAF0481 GRAF0482 ROOM001
In the above example, the type code SGP identifies this record as a source group record. PAYROLL is the name of the entry record, and is a logical name that identifies all terminals in the PAYROLL department. This record contains three data items that identify the individual terminals or groups that make up the source group.
If you are using eight‑character names, a source group record can contain a maximum of 442 entries. If you are using less than eight characters, the number of entries in the source group record will be greater.
You can define an individual input source simultaneously in more than one source group. To avoid confusion, a physical device name cannot be the same as an SRC entry record name in an SGP entry record.
As stated before, a source group can also contain logical records that are themselves groups of sources. This lets you define groups in larger groups.
For example, suppose you have three groups of terminals, some users are permitted to log on to all three groups, and the other users can log on to only one of the three groups. In this case, you want to define each of the three individual groups of terminals, and one larger group that consists of all three individual groups.
To do this, you define a total of four X‑SGP records, one for each individual group of terminals, and one for the larger group that consists of all three of the individual terminal groups. For each X‑SGP record ID (recid), you use the name of the terminal group or the name of the set of terminal groups that the X‑SGP record defines. You may have X‑SGP records with record IDs such as TERMA, TERMB, TERMC, and GROUP1, where GROUP1 consists of TERMA, TERMB, and TERMC.
After you have defined all of the X‑SGP records, specify one of the individual terminal groups (TERMA, TERMB, or TERMC) or the set of all three terminal groups, GROUP1 in the SOURCE field of the users' logonid records.
Specify TERMA in the SOURCE field of the logonid records for those users who are permitted to log on to only TERMA terminals.
You can also have a set of X‑SGP records cross‑reference another set of X‑SGP records. Extending the scenario just described, suppose that you want to permit some users to have access to a system from the set of terminal groups indicated in the X‑SGP GROUP1 record and from another set of terminal groups defined in the record X‑SGP GROUP2. In this case, you could define an X‑SGP record called GROUPA. GROUPA consists of GROUP1 and GROUP2.
You can use this X‑SGP to X‑SGP cross‑reference ability as an indexing process to define up to 25 levels.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|