CA ACF2 for z/VM uses the logonid record to control access to your computer system. This section explains the following topics:
The logonid record is the most important CA ACF2 for z/VM record. It identifies a user on a particular system protected by CA ACF2 for z/VM. Account managers define users by creating a unique logonid record that enforces individual accountability. Account managers are also responsible for assigning special privileges to users. They specify these privileges in the logonid record fields. The fields contain information to identify a user’s attributes, such as:
The logonid record is variable in length, with a maximum of 1024 bytes. CA ACF2 for z/VM reserves 640 bytes for its use. Your site can use the remaining bytes to define your own fields. The standard fields of the logonid record are organized into the following sections:
Identification: Contains information such as the user’s logonid, name, phone number, and user identification string (UID).
Cancel/Suspend: Specifies if a logonid has been canceled or suspended. This section is only displayed if the user’s logonid has been canceled or suspended.
Privileges: Specifies what a user can do, such as the user’s ability to process other CA ACF2 for z/VM records.
Access: Specifies the number of accesses a user has made and the time, date, and source of the last access.
Password: Contains statistics on the number of violations, expiration date, and the date the password was last changed.
Statistics: Contains the total number of security violations and the date and time the logonid was last updated.
Restrictions: Contains information about access to data and conditions for logon, such as shift.
You can define fields for your data center in any of these sections.
Below is a sample logonid record for Ann Smith, an auditor in the accounting department.
TLCAMS         ACCTGAUDTLCAMS ANN SMITH EXT.413
               DEPT(ACCTG) FUNCTION(AUD)
CANCEL/SUSPEND EXPIRE(12/29/03)
PRIVILEGES     DUMPAUTH JOB VM
ACCESS         ACC-CNT(133) ACC-DATE(9/15/03) ACC-SRCE(LV248)
               ACC-TIME(09:21)
PASSWORD       MAXDAYS(30) PSWD-DAT(9/15/03)
               PSWD-TOD(9/01/03-13:23) PSWD-VIO(1)
TSO            DFT-PFX(TLCAMS)
STATISTICS     SEC-VIO(1) UPD-TOD(8/11/03-09:21)
RESTRICTIONS   PREFIX(TLCAMS)
TLCAMS: Specifies the user’s logonid.
ACCTGAUDTLCAMS: Specifies the user identification string (UID). This example has defined the UID as the DEPT field, followed by the FUNCTION field, followed by the logonid. The values ACCTG, AUD, and TLCAMS are taken from these fields to form the UID ACCTGAUDTLCAMS. The DEPT and FUNCTION fields have been defined by the site and do not appear in the logonid record supplied with CA ACF2 for z/VM.
ANN SMITH: Specifies the user’s name.
EXT.413: Specifies the user’s telephone number.
DEPT(ACCTG): Indicates the user is in the Accounting department.
FUNCTION(AUD): Indicates the user is an auditor.
CANCEL/SUSPEND: Indicates if the logonid has been canceled or suspended.
EXPIRE(12/29/03): Indicates the expiration date. In this example, Ann Smith’s logonid record is temporary because it expires on December 29, 2003.
PRIVILEGES: Indicates what privileges the user has been granted.
DUMPAUTH: Indicates that the user can generate a storage dump.
JOB: Indicates that the user can submit jobs.
VM: Indicates that the user can use VM.
ACCESS: Indicates how many times the user has accessed the system, and when and from where the last access was made.
ACC-CNT(133): Indicates that USER01 has made 133 system accesses.
ACC-DATE(9/15/03): Indicates that USER01’s last access was on September 15, 2003.
ACC-SRCE(LV248): Indicates that USER01’s last access was from a terminal identified as LV248.
ACC-TIME(09:21): Indicates USER01’s access was made on September 15, 2003 at 09:21.
PASSWORD: Indicates the last time the user entered an incorrect password, the last time the password was changed, and how many password violations were made to date.
MAXDAYS(30): Indicates that the user must change the password once 30 days have elapsed.
PSWD-DAT(9/15/03): Indicates the user’s last invalid password attempt was made on September 15, 2003.
PSWD-TOD(9/01/03-13:23): Indicates that the last time the user changed their password was September 1, 2003 at 1:23 p.m.
PSWD-VIO(1): Indicates that on September 15, 2003, the user made one invalid password attempt. CA ACF2 for z/VM automatically resets PSWD-VIO to one on the first invalid password attempt on a new day.
STATISTICS: Indicates how many security violations the user has and when their logonid record was last updated.
SEC-VIO(1): Indicates that, to date, the user has one security violation.
UPD-TOD(8/11/03-09:21): Indicates that the user’s logonid record was last updated on 8/11/03 at 09:21.
RESTRICTIONS: Indicates what records the user can access.
PREFIX(TLCAMS): Identifies what PREFIX the user owns. The user can access data owned by TLCAMS without validation. The prefix is TLCAMS (same as the logonid). This field gives the user ownership of all records with a high-level index of TLCAMS.
You can see that a logonid record contains a great deal of information about a user. For more detailed information about logonid records, see the Administrator Guide.
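An added example, not CA's code or part of the original guide: Python code that parses the sample listing above into sections and fields, then checks the values the field descriptions explain (EXPIRE, MAXDAYS against PSWD-TOD, PSWD-VIO, SEC-VIO, and the UID built from DEPT, FUNCTION and the logonid). The names parse_logonid and review and the IDENTIFICATION label are assumptions, and the text layout is taken from the sample on this page rather than from a documented output format.

```python
import re
from datetime import datetime

# Constructed input: this page's sample listing, typed with ASCII hyphens.
SAMPLE = """\
TLCAMS ACCTGAUDTLCAMS ANN SMITH EXT.413
DEPT(ACCTG) FUNCTION(AUD)
CANCEL/SUSPEND EXPIRE(12/29/03)
PRIVILEGES DUMPAUTH JOB VM
ACCESS ACC-CNT(133) ACC-DATE(9/15/03) ACC-SRCE(LV248)
ACC-TIME(09:21)
PASSWORD MAXDAYS(30) PSWD-DAT(9/15/03)
PSWD-TOD(9/01/03-13:23) PSWD-VIO(1)
TSO DFT-PFX(TLCAMS)
STATISTICS SEC-VIO(1) UPD-TOD(8/11/03-09:21)
RESTRICTIONS PREFIX(TLCAMS)
"""
SECTIONS = set("CANCEL/SUSPEND PRIVILEGES ACCESS PASSWORD TSO STATISTICS RESTRICTIONS".split())
TOKEN = re.compile(r"([A-Z][A-Z0-9-]*)\s*\(([^)]*)\)|(\S+)")  # NAME(value) or bare flag

def parse_logonid(text):
    """Return {section: {field: value, flag: True}} for one listed record."""
    lines = [l for l in text.replace("\u2011", "-").splitlines() if l.strip()]
    lid, uid, *rest = lines[0].split()  # first line: logonid, UID, name and phone
    section = "IDENTIFICATION"  # assumed label; the listing prints none for this part
    rec = {section: {"LID": lid, "UID": uid, "TEXT": " ".join(rest)}}
    for line in lines[1:]:
        head, _, tail = line.strip().partition(" ")
        if head in SECTIONS:  # a section label opens a section; else continuation
            section, line = head, tail
        for name, value, flag in TOKEN.findall(line):
            rec.setdefault(section, {})[name or flag] = value if name else True
    return rec

def review(rec, today):
    """Return follow-up findings for a parsed record as of `today` (a date)."""
    ident, pw = rec["IDENTIFICATION"], rec.get("PASSWORD", {})
    day = lambda s: datetime.strptime(s.split("-")[0], "%m/%d/%y").date()
    out = []
    # UID layout is site-defined; this page's example is DEPT + FUNCTION + logonid.
    if ident.get("DEPT", "") + ident.get("FUNCTION", "") + ident["LID"] != ident["UID"]:
        out.append("UID does not match DEPT+FUNCTION+logonid")
    expire = rec.get("CANCEL/SUSPEND", {}).get("EXPIRE")
    if expire and day(expire) < today:
        out.append("logonid expired " + expire)
    limit = int(pw.get("MAXDAYS", 0))  # absent or 0: no age check made here
    if limit and "PSWD-TOD" in pw and (today - day(pw["PSWD-TOD"])).days > limit:
        out.append("password older than MAXDAYS")
    counts = {**pw, **rec.get("STATISTICS", {})}
    return out + [f"{f}={counts[f]}" for f in ("PSWD-VIO", "SEC-VIO") if counts.get(f, "0") != "0"]
```

Calling review(parse_logonid(SAMPLE), date) with a date after December 29, 2003 reports the expired logonid and the overdue password in addition to the two violation counters.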
Copyright © 2009 CA Technologies.
All rights reserved.