Another rule writing technique lets you specify a pseudo operand in a rule. This means you can specify a fixed name in a rule for operands that have variable values and let any operand match, as long as you specify a valid value.
You can use a pseudo operand name for any command operand that contains a variable. CA ACF2 for z/ VM provides transposition routines to allow you to use pseudo operands. You can determine the commands to have transposition routines by examining the command model. If the operand is defined with a TRANS=routine verb, then it is a variable. For more information, see the appendix “Transposition Routines for Command Limiting.”
We can use the READY command to illustrate a simple rule.
$KEY(READY) VCUU ALLOW
In the above rule, VCUU is the pseudo operand. It says that any virtual device address specified as an operand of the READY command matches the rule. Granted, this is a simple example where a dash rule also works, but consider how useful a pseudo operand can be in a SPOOL command rule.
For example, when writing a rule for the SPOOL command, you probably do not always know what address the user’s reader is at because he could issue a SPOOL 00C class G command. It is difficult to account for all possible device addresses or for the possibility that he could issue a DEFINE command to change the address. But through the pseudo operand technique, you can determine whether the device address is RDR, PRT, PUN, or CON. So when writing a rule, you could simply say RDR, controlling all the different types of readers.
$KEY(SPOOL) RDR - ALLOW
The next example illustrates how pseudo operands can specify unit record type devices:
$KEY(BACKSPAC) PRT FILE UID(OPRLEAD) LOG PRT ***** *** UID(OPRLEAD) ALLOW PUN - UID(OPRLEAD) ALLOW
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|