Accessing the System

How Does CA ACF2 for z/VM Work? › CA ACF2 for z/VM Privileges › Accessing the System

Accessing the System

When you try to log onto VM, CA ACF2 for z/VM verifies whether you are authorized to access the system. During the logon process, the following is verified:

Did you enter the correct password?
Is your logonid suspended for excessive password or security violations?
Is your password expired?
Is your logonid expired?
If you are accessing another user ID through group logon or logon‑by, does a resource rule allow access?

CA ACF2 for z/VM also optionally checks the following:

Are you accessing the system from an authorized source?
Are you accessing the system during an authorized time or day?
Is the account number used for this logon valid?
Did you enter your password from a nondisplay field?

You can activate these items on an as needed basis.

Whenever access is denied, CA ACF2 for z/VM displays an error message that explains why the access was denied. CA ACF2 for z/VM also creates an SMF record to log the violation.

CA ACF2 for z/VM supports the following LOGON line command:

LOGON logonid password
              password/new password
              BY logonid

From the VM logo screen, CA ACF2 for z/VM supports the following formats:

1.  USERID ===>  userid ________

    PASSWORD ==> oldpassword/[newpassword]

    COMMAND ===> [[BY userid ] [other‑optional‑operands]] ___

2.  USERID ===>  userid ________

    PASSWORD ==> [BY userid] [oldpw/newpw] ______________

    COMMAND ===> [other‑optional‑operands] __________

3.  USERID ===> userid ________

    PASSWORD ==> oldpw[/newpw] [BY userid] ___________

    COMMAND ===> [other‑optional‑operands] ________

Note the following:

If you log on from the VM logo screen or through the LOGON line command and do not enter your password, CA ACF2 for z/VM responds with the following message:
```
ACFpgm244R ENTER ACF2 PASSWORD
```
You can abort a logon by entering a plus sign (+) or the LOGOFF command in response to any CA ACF2 for z/VM logon prompt.

You can also use any of the following formats to log onto CA ACF2 for z/VM:

Where users specify a password, they can specify a new password ( the password can be changed) by using the following notation:
```
old‑password/new‑password
```
Your site can prevent this. See the Administrator Guide for details.
You can specify the GRPLOGON attribute with the LOGON command. Resource rules validate this parameter to determine whether CA ACF2 for z/VM allows the access as a member of a group or project.
You can also instruct CA ACF2 for z/VM to check that any user attempting to log onto VM has the VM attribute in his logonid record.