This section introduces the structure of the DirMaint command limiting rule sets. It also explains the scenario used in the sample rules in subsequent sections. CA ACF2 for z/VM provides one $KEY (DirMaint) for all the DirMaint subcommands. CA ACF2 for z/VM automatically logs the execution of any DirMaint command. CA ACF2 for z/VM does not support the commands listed in this chapter for all DirMaint releases.
Before you can write command limiting DirMaint rules, you must compile the models. To compile a syntax model for DirMaint commands, issue the following commands:
acf
ACF
set model
MODEL
compile DIRMxxxx
where xxxx identifies your DirMaint release. Use DIRMR510 for Function Level 510 and DIRML530 for Function Level 530.
Rule sets with a key of DirMaint can prevent users from executing certain DirMaint commands on a DirMaint system:
$KEY(DirMaint) MDLTYPE(530)
You can now write rules to restrict or allow DirMaint commands without having to define individual users.
As a very simple start, you could write the rules in this section when you install the CA ACF2 for z/VM DirMaint logging feature. This rule set allows users to do everything they normally do.
$KEY(DirMaint) MDLTYPE(530)
FORUSER * - UID(*) ALLOW
The keyword DirMaint in the above rule lets all users execute all DirMaint commands.
Copyright © 2013 CA Technologies.
All rights reserved.