CA ACF2 for z/VM validation of data spaces occurs at PERMIT time, not actual access time. Data space rules must distinguish between READ and WRITE access to data spaces. You therefore need to use the SERVICE keyword of resource rules to distinguish between READ access and UPDATE access.
To protect data spaces, you must specify a new keyword of DSPACE(xxx) on the RESCLASS VMO record. The default resource type for DSPACE is DSP.
For more information on VM data space security, see the Administrator Guide.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|