

Protecting ACCOUNT Use

You can assign an account number to a virtual machine whose costs are charged in a VM environment. This requires an ACCOUNT control statement in the CP directory entry for the virtual machine. The ACCOUNT statement includes a primary account number and up to seven alternate account numbers.

When a machine is logged on or autologged, it is assigned a number from its associated directory ACCOUNT statement. By default, the machine inherits its primary account number. An alternate number (if one exists) is assigned if it is specified in the LOGON or AUTOLOG command line as a value of the ACCOUNT operand. CA ACF2 for z/VM optionally uses resource rules instead of the directory for account validation. The primary (default) account is stored in the Logonid database.

To implement ACCOUNT support, the following five steps are necessary:

  1. Determine your account mode setting. The ACCTVLD operand of the OPTS VMO record establishes the account mode. There are three possible settings: YES, FULL, and LID.
  2. Assign the VLDVMACT logonid privilege. This step is necessary if you use the ACCTVLD(LID) setting. If you want to use full account security (ACCTVLD(FULL)), skip this step.
  3. Assign the VMACCT logonid value. Virtual machines that have account validation must have their default accounts assigned to them in this field.
  4. Establish account resource rule sets by executing the ACFCVACT utility or issuing the COMPILE subcommand of the RESOURCE setting.
  5. Set the account mode by setting the ACCTVLD operand of the OPTS VMO record to FULL or LID.

For additional information on ACCOUNT validation support, see the Systems Programmer Guide.