CA ACF2 for z/VM lets you specify time and shift controls in the SHIFT field of the logonid record. You specify entries that define the specific shift on the Infostorage database. You can grant a user system access, data access, and resource access for a specific time of day, days of the week, or actual dates (specified as mm/dd/yy, yy/mm/dd, or dd/mm/yy, depending on your site’s option). Shift records have a record class of T and the type code SFT.
The SHIFT field in the logonid record contains the name of the shift record in the Infostorage database. Fields in the shift record let you specify the times and dates that CA ACF2 for z/VM should use to allow or deny access.
The DAYS field can contain days of the week (MO, TU, or WE) and dates (10/10/99, 12/20/99) when a user can access the system. The NDAYS parameter indicates specific days or dates not allowed. For example, you can name a shift record NORMAL and define DAYS as (MO,TU,WE,TH,FR). This record allows a user access during the regular work week. With NDAYS, you can specify 12/25/99 to prevent access on Christmas Day, regardless of whether it falls on a weekday.
Similarly, the TIME and NTIME fields specify the allowed and prevented times when a user can access the system. For example, the same shift record NORMAL specifies TIME(0800‑1700) to allow access during the standard business day, with NTIME(1200‑1300) specified to deny access during the lunch period. Or, you could define the same time frame by specifying only the TIME field as TIME(0800‑1200,1300‑1700). You must specify the DAYS field to specify TIME or NTIME.
The LOGSHIFT field of the logonid record grants system access to a user outside the shift specified in the logonid record, but this access is always logged. If you set the LOGSHIFT field but do not specify a shift name, CA ACF2 for z/VM ignores the LOGSHIFT field. For example, a programmer whose shift is defined as NORMAL but who must access the system on a weekend can be given access with the LOGSHIFT privilege. The LOGSHIFT privilege applies to a user’s access to the system and not to shift controls in resource rules or access rules.
Access rules can contain the SHIFT parameter to indicate the shift when a rule applies. In this way, you can limit access to specific data to particular days and times. Shift records can also protect resources. For example, you can govern group logons with a shift record that limits the hours of access to only morning or afternoon.
Security administrators can create shift records using the ACF command and its subcommands under the SHIFT setting in a way similar to creating other CA ACF2 for z/VM records. Use the INSERT, LIST, CHANGE, and DELETE subcommands of the ACF command to create and maintain shift records.
A shift record name is from one‑ to eight‑characters long. You specify the shift record name in the SHIFT field of the logonid record to point to the associated record in the Infostorage database. You can find complete details on how to use the ACF subcommands to process shift records in the Administrator Guide.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|