Use protection by class and target when you must restrict files in certain classes to distribution to various users. The rule set below prevents users with the PAY, PER, GEN, MKT, and OPR user ID from spooling the classes listed in their particular rule. PAY users can spool TO or FOR Payroll and Personnel, but again, only for the classes they are allowed to spool as specified in the previous rule. PAY users can also spool files to themselves. They cannot send files to anyone else. This rule set allows all other spooling actions.
$KEY(SPOOL) $NOSORT *- - CLASS BCEFGHIJKLMNQSTUVXYZ0123456789 - UID(PAY) PREVENT *- - CLASS ABDGHIKLMNOQRSTVWXYZ0123456789 - UID(PER) PREVENT *- - CLASS ABCDEFHIJKLMNOPRSTUVXYZ01345689 - UID(GEN) PREVENT *- - CLASS BCDEGHIJKNOPQRTUVWXYZ0123456789 - UID(MKT) PREVENT *- - CLASS ABCDEFGHIJKLMNQRSTVWXY012356789 - UID(OPR) PREVENT *- - TO P***** - UID(PAY) ALLOW *- - FOR P***** - UID(PAY) ALLOW *- - TO OWNER - UID(PAY) ALLOW *- - FOR OWNER - UID(PAY) ALLOW *- - TO *- - UID(PAY) PREVENT *- - FOR *- - UID(PAY) PREVENT - UID(PAY) ALLOW - UID(PER) ALLOW - UID(GEN) ALLOW - UID(MKT) ALLOW - UID(OPR) ALLOW
This rule only lets PAYOPR transfer files in classes A, P, R, and W to Payroll. The OPR user can transfer files in classes A and R TO or FOR anyone in Payroll or Personnel. PAY and PER users can transfer files in classes A, P, R, and W to others in Payroll and Personnel. OPR users can also send their files on classes E, F, G, M, and O to anyone. GEN and MKT users can send their files to anyone.
$KEY(TRANSFER) SYSTEM *- CL APRW TO PAY*** - UID(PAYOPR) ALLOW SYSTEM *- CL AR *- P***** - UID(OPR) A *- CL APRW *- P***** - UID(PER) ALLOW *- CL APRW *- P***** - UID(PAY) ALLOW SYSTEM *- CL EFGMO - UID(OPR) ALLOW *- CL EFGMO - UID(OPR) ALLOW *- CL EFGMO - UID(PER) ALLOW - UID(GEN) ALLOW - UID(MKT) ALLOW
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|