In most cases, sites decide to start CA ACF2 for z/VM in LOG mode. It is not absolutely necessary that you write access rules before the initial CA ACF2 for z/VM start‑up. However, in any mode other than QUIET, CA ACF2 for z/VM validates all data access requests. If no rules exist, CA ACF2 for z/VM writes a logging record after validation. It does not prevent data access unless one of the following values are in effect:
CA ACF2 for z/VM generates a large number of logging records if no rules exist. This can lower the performance of your operating system. In addition, CA ACF2 for z/VM reports produced from these logging records are probably of little help in writing production access rules because of the large amount of data. We suggest that you write a few general rules for commonly accessed data. Carefully review these rules and refine them later.
If you select RULE mode, individual access rules can contain the mode for that particular rule set. Access rules without this mode control statement are governed by the system‑wide mode specified. See the “Converting to Full Security” chapter for more information.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|