Because most CP commands are free form, you can enter the command name, operand values, and keywords many different ways. Almost every command and keyword has a two- or three-character abbreviation. For most commands, you can enter operands and keywords in any order. In addition, there are various command formats associated with different CP privilege classes. In short, there is almost no end to the different ways you can enter a command.
To simplify your job as a command limiting rule writer, CA ACF2 for z/VM always breaks down a command into a common format, described by the command model. This means you can write your rules in a defined format, even though a user can enter the command several different ways.
CA ACF2 for z/VM lets you mask the values of UID strings and CP command operands. UID masking works the same in a command limiting rule as it does for access rules. If you are not familiar with UID masking, see the Administrator Guide for more information. Effective operand masking is a critical element in every rule entry. CP command operand masking uses the dash (-), the asterisk (*), and pseudo operand values. For information about pseudo operand values, see the Using Pseudo Operand Values in Rules section. You can combine the asterisk and the dash, but you cannot mask the CP command name.
$KEY(SPOOL) PRINT - LOG
In the above command limiting rule, the dash (-) acts as a mask. The rule applies to the execution of any CP SPOOL command with the operand PRINT followed by zero or more valid operands. Of course, the CP SPOOL command syntax does not allow zero operands in this case.
The following tables illustrate how to use the dash (-) and asterisk (*) for masking keyword operands. For information about masking operands in a transposition routine, see the Using Pseudo Operand Values in Rules section.
Below are examples of masks for operands:

| Mask | Description |
|---|---|
| - | Masks all operands. Example: - UID(*) ALLOW |
| - operand | Masks all operands before the specified operand. Example: - CLASS A UID(*) |
| - operand - | Masks all operands, except for the one specified. Example: - CLOSE - |
| operand - | Masks all operands after the specified operand. Example: T3380 - UID(*) ALLOW |
| *- | Operand mask for a single operand (recommended for leading masks that require at least one character). Example: TIMER *- UID(*) ALLOW |
| * | Mask for a single character operand. Example: - CLASS * UID(*) ALLOW |

Below are examples of character masks in operands:

| Mask | Description |
|---|---|
| c* | Masks up to one character per asterisk (*) (can be less or none). Example: abc***** = any three- to eight-character string beginning “abc” |
| c*- | Masks any number of characters. Example: abc*- = any length string beginning “abc” |
| *c | Masks one character per asterisk (*). Example: *****abc = any eight-character string ending “abc” |
| c*c | Masks one character per asterisk (*). Example: ***a***c = any eight-character string with “a” as the fourth character and “c” as the eighth character |
| ** | Masks up to one character per asterisk (*) (can be less or none). Examples: ** = zero to two characters; ******** = zero to eight characters |
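
The two tables above can be modelled as a small matcher that shows which operand strings a mask covers, so an overly broad rule entry is visible before it is compiled. This is an added illustration, not CA ACF2 code: the function names and sample operand strings are constructed, operands are assumed to be already in command-model order, the UID and action parts of a rule entry are left out, and abc*- is assumed to match "abc" itself.

```python
import re

def operand_regex(mask):
    """Regex for one operand, following the character-mask table above."""
    any_tail = mask.endswith("*-")      # c*- : any number of characters
    if any_tail:                        # assumption: zero extra characters also match
        mask = mask[:-2]
    stem = mask.rstrip("*")             # trailing asterisks: up to one character each
    optional = len(mask) - len(stem)
    # Asterisks in front of a literal character stand for exactly one character.
    body = "".join(r"\S" if ch == "*" else re.escape(ch) for ch in stem)
    return re.compile(body + r"\S?" * optional + (r"\S*" if any_tail else ""))

def _match(pattern, operands):
    if not pattern:
        return not operands
    head, rest = pattern[0], pattern[1:]
    if head == "-":                     # lone dash: zero or more whole operands
        return any(_match(rest, operands[i:]) for i in range(len(operands) + 1))
    return (bool(operands)
            and operand_regex(head).fullmatch(operands[0]) is not None
            and _match(rest, operands[1:]))

def rule_matches(pattern, operands):
    """True if the operand part of a rule entry covers the given operand string."""
    return _match(pattern.split(), operands.split())

def coverage(pattern, commands):
    """Return the sample operand strings that the mask pattern covers."""
    return [c for c in commands if rule_matches(pattern, c)]

# Constructed operand strings, not taken from the CP command reference.
SAMPLES = ["PRINT CLASS A", "PRINT CLASS AB", "PRINT CLOSE", "PUNCH CLASS A", "PRINT"]

if __name__ == "__main__":
    for pat in ["-", "PRINT -", "- CLASS *", "- CLOSE -", "PRINT *-"]:
        print(f"{pat!r:14} -> {coverage(pat, SAMPLES)}")
```

A lone dash covers every sample, including the one with no further operands, while *- covers exactly one operand in that position.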
Copyright © 2013 CA Technologies. All rights reserved.