Previous Topic: Providing Additional ControlsNext Topic: Scope Records

How Does CA ACF2 for z/VM Work?Entry Records

Entry Records

Entry records are class E records that identify input devices. They are stored on the Infostorage database. Every logonid that is validated by CA ACF2 for z/VM has a physical input source designation, such as a specific terminal or remote cluster associated with it. For example, the standard terminal IDs used by VM can be GRAFxxxx and LINExxxx.

Physical source names are subject to random changes, such as recabling of terminals or swapping terminals for repair. This makes them a poor choice for access and resource rules and for limiting logonid use. CA ACF2 for z/VM translates the physical source name to a logical source name that is up to eight characters long. It does this by looking up a corresponding record on the Infostorage database having a type code of SRC (for source entry records) and identified by the physical source name. It then uses the first data item as the logical source name.

The logical source name is composed of location information, such as Terminal Room #1, Terminal #3 (designated as TR1T3), or a building and office number designation, such as BDG2RM32. They can be more oriented to the way a security administrator would think about them than the way an operating system views them.

Source Group Support

Source group records are type SGP records. They identify groups of input devices. In other words, entry records control the source from which certain users can access the system. For example, you might limit certain logonids access to the system from a specific set of remote terminals or a set of interactive terminals. Unrestricted security administrators can create and update entry records. Full scope auditors can display these records.

Creating Entry Records

To limit a logonid to specific input devices, use the ACF subcommands to set the SOURCE field of the logonid record to a logical source ID or a source group name. To make the input source part of the environment specification for resource or access rules, specify the name of the source record in the SOURCE parameter.

See the Administrator Guide for more information on how to define entry records.