Limiting a User’s Authority

As you have read, privilege fields grant users certain authorities to access data, rule sets, logonid records, and other CA ACF2 for z/VM records. Scope records restrict that authority. For example, a user with the ACCOUNT privilege can insert, change, and delete logonid records. With an assigned scope, you can limit a user with the ACCOUNT privilege to insert, change, and delete logonid records for only a certain group of users, such as his department, site, or project group. A scope is associated with a user’s logonid through the SCPLIST field of the logonid record.

Other CA ACF2 for z/VM Privileges

You define all logonid record fields in macros in the Field Definition Record (ACFFDR), which also defines system options other than the logonid record fields. The macro entry for each logonid field contains the field name, its attributes, and the authorization required to modify or list that field. This gives the system field‑level control over each logonid record field, whether the field is defined by CA ACF2 for z/VM or added locally. To define your own logonid record fields, specify new macro entries in the ACFFDR. See the Installation Guide for more information.

Creating Logonid Records

Users with the ACCOUNT privilege can create, change, display, and delete logonid records with the ACF command and its subcommands. They can issue these commands using the CMS ACF command or the full‑screen panels. You can find complete details on how to use the ACF subcommands to process logonid records in the Administrator Guide.