For most cases, you should take your DirMaint Version 1 Release 4 rule and add the FORUSER keyword and value to the front of each rule entry. Then, if the rule is for one of the commands where “user to change” was a command operand, remove that operand from the rule. The FORUSER operand value replaces the “user to change” operand in the new DirMaint command syntax. ADD is an exception, since the user you are adding is still the first operand of ADD.
For example, to convert the following DirMaint Version 1 Release 4 rule:
$KEY(DIRMPRIV) ADD ACC*** UID(ACCMGR) ALLOW AMDISK *- *- DUMMY AUTOG *- ACC - UID(ACCMGR) ALLOW AMDISK *- *- *- AUTOV *- ACC00* - UID(ACCMGR) ALLOW CHVADDR ACC- *- TO - UID(ACCMGR) ALLOW CMDISK *- *- DUMMY AUTOG *- ACC UID(ACCMGR) ALLOW CMDISK *- *- *- AUTOV *- ACC00* - UID(ACCMGR) ALLOW DMDISK *- *- ACC00* - UID(ACCMGR) ALLOW LOCK ACC*** UID(ACCMGR) ALLOW TMDISK ACC- 019*- TO ACC- 019* UID(ACCMGR) ALLOW UNLOCK ACC*** UID(ACCMGR) ALLOW
Change the rule to:
$KEY(DirMaint) FORUSER * ADD ACC*** UID(ACCMGR) ALLOW FORUSER * AMDISK *- XXXX AUTOG *- ACC - UID(ACCMGR) ALLOW FORUSER * AMDISK *- *- AUTOV *- ACC00* - UID(ACCMGR) ALLOW FORUSER ACC- CHVADDR *- TO - UID(ACCMGR) ALLOW FORUSER * CMDISK *- XXXX AUTOG *- ACC UID(ACCMGR) ALLOW FORUSER * CMDISK *- *- AUTOV *- ACC00* - UID(ACCMGR) ALLOW FORUSER * DMDISK *- ACC00* - UID(ACCMGR) ALLOW FORUSER ACC*** LOCK UID(ACCMGR) ALLOW FORUSER ACC- TMDISK 019*- TO ACC- 019* UID(ACCMGR) ALLOW FORUSER ACC*** UNLOCK UID(ACCMGR) ALLOW
Notice that the $KEY has changed to DirMaint and XXXX is now used for the generic device type when you are allocating a minidisk with AUTOV or AUTOG instead of the DUMMY that was used in DirMaint Version 1 Release 4. For all of the commands except for ADD, the userid operand now follows FORUSER.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|