Users with the CA ACF2 for VM SECURITY privilege can issue ACF subcommands to create, change, and display entry records.
Entry records are processed under the ENTRY setting of the ACF command. The required type code for processing input source records is SRC. The required type code for source group records is SGP. The syntax of the SET subcommand to establish this setting is:
SET { ENTRY(SRC) }
{ ENTRY(SGP) }
Indicates you want to create input source entry records
Indicates you want to create source group entry records
After you have established the ENTRY setting, you can use other ACF subcommands to process your source and source group records. The last SET ENTRY setting determines the type of entry record that is processed with the other ACF subcommands.
Use the INSERT subcommand under the ENTRY setting to create a record that translates a physical source name into a logical name. Never use the same record name for an SGP ENTRY record and SRC ENTRY record. The syntax for this INSERT subcommand is:
INsert recordname
[USING(modelname) [TYPE(type)]]
[NEWDATA(newdata)]
[DSN(dsn)]
[CLEAR]
Specifies the one‑ to eight‑character entry record name
Obtains the model record name and uses the pseudo data set name and data items rather than starting from a new entry
Obtains the model record name from an entry type other than the one you specified in the last SET ENTRY subcommand
Specifies the entry record is a new data item to add
Specifies a filename for authorization control. If a user has access to the dsn, the user can change the entry record. Use this operand with access rules to determine the authority level a user has with this record.
DSN(TLCAMS.DATA) $KEY(TLCAMS) DATA UID(TLCPJM) r(a) DATA UID(TLCGLB) r(a) w(a)
In this example, TLCPJM can list DSN(TLCAMS.DATA) and TLCGLB can list and change DSN(TLCAMS.DATA).
CLEAR has meaning only when you specify a model record name. It eliminates all data items before adding the NEWDATA operand data (except for DSN).
An example of how to use the INSERT subcommand to create an SRC record under the ENTRY setting is shown below.
SET ENTRY(SRC) INSERT GRAF0490 NEWDATA(RM433)
In this example, CA ACF2 for VM translates the physical name of an input terminal (GRAF0490) into the logical name (RM433) of its room location. To authorize this terminal source as defined, you must add RM433 to the source field of the user's logonid record. If more than one terminal is located in the room, you must add a record for each physical device, or you could add one source group record as described above.
An example of how to use the INSERT subcommand to create an SGP record under the ENTRY setting is shown below.
SET ENTRY(SGP) INSERT RM433 NEWDATA(GRAF0490)
In this example, CA ACF2 for VM lets anyone with a source of RM433 in his logonid record to access the system from the real source, GRAF0490. To authorize using this terminal source as defined, you must add RM433 to the source field of the user's logonid record.
You use the INSERT subcommand only when adding the first source to a source group. You must use the CHANGE subcommand to add all subsequent sources to a source group record. The syntax for using the CHANGE subcommand to modify entry records is explained in Changing Entry Records.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|