

What Source Group Records Do

Depending on the type of access to be validated, the X‑SGP record cross‑references the SOURCE field in one of the following records: the logonid record, the data set access rule, or the resource rule.

An X‑SGP record can also cross‑reference another X‑SGP record.

Using the SOURCE Field of the Logonid Record

For system access validations, CA ACF2 for VM matches the source group defined in the X‑SGP record with the source group named in the SOURCE field of the user's logonid record. To ensure that a user can log on to only a particular group of terminals, you can define the terminals belonging to the group in the X‑SGP record, then specify the name of the source group record in the SOURCE field of the user's logonid record. For more information about logonid records, see the “About the Logonid Record” chapter.

Using the SOURCE Field of the Data Set Access Rule

For data set access validations, CA ACF2 for VM matches the source group defined in the X‑SGP record with the source group named in the SOURCE field of the data set access rule. To ensure that users can access a data set only from a particular group of terminals, you can define the terminals belonging to the group in the X‑SGP record, then specify the name of the source group record in the SOURCE field of the access rule written for the data set. For more information about data set access rules, see the “About Access Rules” chapter.

Using the SOURCE Field of the Resource Rule

For resource access validations, CA ACF2 for VM matches the source group defined in the X‑SGP record with the source group named in the SOURCE field of the resource rule. To ensure that users can access a resource only from a specific group of terminals, you can define the terminals belonging to the group in the X‑SGP record, then specify the name of the source group record in the SOURCE field of the resource rule written for the resource. For more information about resource rules, see the “About Resource Rules” chapter.

Cross-Referencing X-SGP Records

Besides cross‑referencing the other CA ACF2 for VM records just described, X‑SGP records can cross‑reference each other. This cross‑reference function lets you define groups in larger groups.

For example, suppose you have three groups of terminals, some users are permitted to log on to all three groups, and the other users can log on to only one of the three groups. In this case, you want to define each of the three individual groups of terminals, and one larger group that consists of all three individual groups.

To do this, you define a total of four X‑SGP records, one for each individual group of terminals, and one for the larger group that consists of all three of the individual terminal groups. For each X‑SGP record ID (recid), you use the name of the terminal group or the name of the set of terminal groups that the X‑SGP record defines. You may have X‑SGP records with record IDs such as TERMA, TERMB, TERMC, and GROUP1, where GROUP1 consists of TERMA, TERMB, and TERMC.

After you have defined all of the X‑SGP records, specify one of the individual terminal groups (TERMA, TERMB, or TERMC) or the set of all three terminal groups, GROUP1, in the SOURCE field of the users' logonid records.

You can also have a set of X‑SGP records cross‑reference another set of X‑SGP records. Extending the scenario just described, suppose that you want to permit some users to have access to a system from the set of terminal groups indicated in the X‑SGP GROUP1 record and from another set of terminal groups defined in the record X‑SGP GROUP2. In this case, you could define an X‑SGP record called GROUPA. GROUPA consists of GROUP1 and GROUP2.

You can use this X‑SGP to X‑SGP cross‑reference ability as an indexing process to define up to 25 levels.
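
The nested groups described above can be audited by expanding every source group to the terminals it effectively permits. The following Python model is an added example, not CA ACF2 for VM code or command syntax. The terminal IDs, the TERMD record, the membership of GROUP2, and the choice to count the record named in the SOURCE field as level 1 are assumptions.

```python
# Illustrative model only: not CA ACF2 for VM code or command syntax.
MAX_LEVELS = 25  # nesting limit stated in the text

# Constructed sample records: recid -> entries. An entry naming another
# recid is a cross-reference; anything else is treated as a terminal.
XSGP = {
    "TERMA": ["T001", "T002"],
    "TERMB": ["T010"],
    "TERMC": ["T020", "T021"],
    "TERMD": ["T030"],  # hypothetical member of GROUP2
    "GROUP1": ["TERMA", "TERMB", "TERMC"],
    "GROUP2": ["TERMD"],
    "GROUPA": ["GROUP1", "GROUP2"],
}


def expand(recid, records, level=1, path=()):
    """Return the set of terminals a source group resolves to."""
    if recid in path:
        raise ValueError("circular cross-reference: " + " -> ".join(path + (recid,)))
    if level > MAX_LEVELS:
        raise ValueError(f"more than {MAX_LEVELS} levels below {path[0]}")
    terminals = set()
    for entry in records[recid]:
        if entry in records:  # cross-reference to another X-SGP record
            terminals |= expand(entry, records, level + 1, path + (recid,))
        else:  # leaf: an individual terminal
            terminals.add(entry)
    return terminals


def source_permits(source, terminal, records):
    """True if `terminal` belongs to the group named in a SOURCE field."""
    return terminal in expand(source, records)


def audit(records):
    """Map every recid to its effective terminals, or to the error found."""
    report = {}
    for recid in records:
        try:
            report[recid] = sorted(expand(recid, records))
        except ValueError as err:
            report[recid] = f"ERROR: {err}"
    return report


if __name__ == "__main__":
    for recid, result in audit(XSGP).items():
        print(f"{recid:7} {result}")
```

Reviewing the expanded output for a broad group such as GROUPA shows every terminal that a single SOURCE value admits, which is easy to lose track of once groups are nested.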