Before you implement diagnose limiting you must write diagnose limiting rules. Write one rule set for each diagnose code CA ACF2 for z/VM validates. The $KEY value for the diagnose code is DIAGnnnn, where nnnn is the hexadecimal diagnose code. You can use the following rule set to validate a diagnose instruction with code x’0004’:
$KEY(DIAG0004) MDLTYPE(440) UID(TLCAMS) LOG UID(TLCPJM) LOG
The MDLTYPE operand lets you have separate sets of rules in a shared database complex. This operand is also shared with command limiting. For more information on the MDLTYPE operand of the DIAGLIM VMO record, see the Administrator Guide.
Diagnose instruction loggings provide you with a more specific view of who uses each diagnose code and how it is used. With this information, you can write more specific rule sets. If you include all diagnoses, be sure to write a rule for the 0ACF and ACF diagnoses that CA ACF2 for z/VM uses. Minimally, the MAINT user should be able to use the 0ACF and ACF2 diagnose. This lets the MAINT user IPL an CA ACF2 for z/VM‑secured system with an IPL command and also use the ACF command.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|