Writing Resource Rules

Writing Resource Rules

Resource control protects system resources from unauthorized access. Resources are valuable system services or objects that can affect the integrity of your system, such as group user IDs and certain commands, for example, the AUTOLOG command. CA ACF2 for z/VM lets you control access to resources by writing resource rules that name the resource, type of resource, and the users who can access that resource. As part of your initial implementation of CA ACF2 for z/VM, you should write resource rules to protect:

• ACCOUNT use
• The target of an AUTOLOG command
• The target of a DIAL command
• Access to group machines
• Access to the Inter‑User Communication Vehicle (IUCV)
• Access to the Virtual Machine Communication Facility (VMCF).

This section contains the following topics:

Protecting ACCOUNT Use

Protecting the AUTOLOG and XAUTOLOG Commands

Protecting the DIAL Command

Protecting Group Machines

LOGON-BY

Protecting IUCV, APPC/VM, and VMCF

Masking in Resource Rules