The value you supply for the $KEY control statement depends on the type of data you want to allow others to access. The $KEY statement must begin in the first column. For each data access request, CA ACF2 for z/VM validates the $KEY value that you specified and a data set name value. The $KEY controls which rule set is checked during validation. The dsn (data set name) identifies the full name of the file being accessed. In the VM environment, CA ACF2 for z/VM validates access requests to minidisks, CMS file IDs, MVS data sets, VSE files accessed under CMS, and attachable devices. The following sections explain how CA ACF2 for z/VM determines who can access data by validating a dsn for each of these data types and how the dsn is constructed.
CA ACF2 for z/VM validates all minidisk LINK requests. This includes links predefined in a user’s VM directory entry and all LINK commands issued through CP. You are automatically allowed access to any minidisks you own. You are denied access to any minidisks that you do not own unless the owner has specifically written a rule that allows you access. CA ACF2 for z/VM validates all access attempts to minidisks not owned by that user. CA ACF2 for z/VM checks:
Specifies the logonid of the user who owns the minidisk.
Specifies the data set name in the form Vaddr.VOLUME
Vaddr
Specifies the virtual device address of the minidisk
VOLUME
Specifies the name of the minidisk.
CA ACF2 for z/VM validates all requests to access CMS files. CA ACF2 for z/VM checks:
Specifies the logonid of the user who owns the minidisk that the CMS file resides on.
Specifies the data set name in the form Vaddr.filename.filetype
Vaddr
Specifies the virtual device address of the minidisk that the CMS file resides on (for example, V0191.WORK.DATA)
filename
Specifies the name of the CMS file
filetype
Specifies the type of the CMS file.
CA ACF2 for z/VM validates requests to access MVS data sets through VM CMS. CA ACF2 for z/VM checks:
Specifies the high‑level index of the data set name. For example, SYS1 is the high‑level index of SYS1.SHRPROC.
Specifies the data set name in the form index.index. ... .index. The rule entry begins with the second‑level index and can extend up to 22 levels, with a maximum of eight characters per level.
CA ACF2 for z/VM validates requests to access VSE data sets through VM CMS. CA ACF2 for z/VM checks:
Specifies the high‑level index of the file ID. For example, TLCAMS is the $KEY value of a rule set for TLCAMS.WORK.TEXT and TLCAMS.TEST.
Specifies the VSE data set name in the form index.index. ... .index. The rule entry requires only the second through the last qualifiers. For CA ACF2 for z/VM, a DOS data set name can contain a maximum of eight characters per level (maximum of 44 total characters).
CA ACF2 for z/VM validates all CP ATTACH commands for DASD devices. CA ACF2 for z/VM checks:
Specifies the $KEY value for the dedicated and attached DASD volumes (defined in the ATTKEY option of the OPTS VMO record). The default is SYSTEM.
Specifies the data set name in the form Rccuu.
cc
Specifies the channel number of the device
uu
Specifies the unit number assigned to the device. This is the real address of the device.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|