LOGON‑BY lets you log onto another user ID and allows IDs to be optionally shared when a group logon resource rule exists that allows the access.
Optional group IDs allow users to share personal IDs. A logonid record is designated as an optional group ID when the GRP‑OPT attribute is present in the logonid record.
Important: In cases where a logonid has both the GRPLOGON attribute and the GRP‑OPT attribute, GRPLOGON takes precedence. This means that the user ID cannot log onto itself.
LOGON‑BY lets you log onto another user ID if a group logon resource rule exists that allows the access. Enter the LOGON‑BY syntax to do this. When you use LOGON‑BY to access another user ID, that ID becomes a group ID for the duration of the session.
LOGON‑BY provides these benefits:
The RESCLASS VMO record controls whether a user ID can be a group ID. This lets you gradually phase in the LOGON‑BY feature.
We currently support three syntax variations for LOGON‑BY. We recommend that you use number one because it ensures that CA ACF2 for VM does not display your password. Below are examples of the syntaxes:
LOGON lid1 BY lid2
Specifies the user ID you are logging onto.
Specifies your own CA ACF2 for VM user ID.
For example, if Ann Smith (TLCAMS) wants to access Pete Miller's user ID (TLCPJM), she would enter the following:
LOGON TLCPJM BY TLCAMS
CA ACF2 for VM would then prompt Ann for her own CA ACF2 for VM password:
LOGON lid1 BY lid2 password
For example, if Ann Smith (TLCAMS) wants to access Pete Miller's user ID (TLCPJM) using this syntax, she would enter the following:
LOGON TLCPJM BY TLCAMS password
LOGON lid1
For example, if Ann Smith (TLCAMS) wants to access Pete Miller's user ID (TLCPJM) using this syntax, she would enter the following:
LOGON TLCPJM
CA ACF2 for VM then prompts Ann for her password and she must enter:
BY/TLCAMS/password
Enter the LOGON‑BY syntax (including slashes) exactly as shown above.
You can also issue the LOGON‑BY syntax from the full‑screen logo as shown in the following example:
z/VM ONLINE / VV VVV MM MM / VV VVV MMM MMM ZZZZZZ / VV VVV MMMM MMMM ZZ / VV VVV MM MM MM MM ZZ / VV VVV MV MMM MM ZZ / VVVVV MV M MM ZZ / VVV MV MM ZZZZZZ / V MV MM built on IBM Virtualization Technology Fill in your USERID and PASSWORD and press ENTER (Your password will not appear when you type it) USERID ===> USER01 PASSWORD ===> BY/USER02/password COMMAND ===> RUNNING ZVMSYS01
Enter the LOGON‑BY syntax in the PASSWORD field. Use the same syntax shown in the third example on the preceding page.
With LOGON‑BY, a group ID cannot log onto itself. If your site allows this, you must remove the GRPLOGON attribute and specify the GRP‑OPT attribute to change those IDs from mandatory group IDs to optional group IDs. Then use the correct LOGON‑BY syntax and let the group logon resource rules govern the accesses.
If you are presently allowing users to log onto group IDs as themselves, you must remove the GRPLOGON attribute and specify GRP‑OPT to change those IDs from mandatory group IDs to optional group IDs.
To decentralize optional group IDs and let users make their IDs optional group IDs, this is what you need to do:
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|