When you log onto a group virtual machine, a resource rule validates whether you can use the machine. This occurs regardless of the CA ACF2 for z/VM data access mode setting and any special privileges you might have (for example, SECURITY).
CA ACF2 for z/VM checks the resource rule this way:
ACFpgm263R Enter your CA‑ACF2 logonid
This validates system entry. For this value, standard UID masking applies.
To implement CA ACF2 for z/VM group logon support for virtual machines, you must write group logon resource rules and store them on the Infostorage database. The $KEY value for a resource rule is the group logon machine.
For example:
$KEY(MAINT) TYPE(GRP)
 UID(TLC) ALLOW
 UID(MAINT) PREVENT
The RESCLASS VMO record defines the type‑code required for resource rule validation of group machines. The default specification is GRP, implementing type‑code GRP. This rule set lets any user with the UID mask TLC‑ log on as a MAINT group user. To ensure that no password sharing takes place, we recommend that you prevent users from logging on as the group machine itself. The PREVENT rule entry specifies this.
Use the COMPILE subcommand of the RESOURCE setting to create resource rules for the group machines at your site. Below is an example of how to create the resource rule set previously displayed.
acf
ACF
set resource(grp)
RESOURCE
compile
ACFpgm510I ACF COMPILER ENTERED
$KEY(maint) type(grp)
uid(tlc) allow
uid(maint) prevent
end
ACFpgm551I TOTAL RECORD LENGTH=NN BYTES NN PERCENT UTILIZED
store
ACFpgm769I RULE MAINT STORED
end
Invalid access attempts are reported in the Resource Event Log (ACFRPTRV). For more information about the ACFRPTRV report, see the Reports and Utilities Guide.
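A site-wide check of the recommendation above, as an added example that is not CA's code: it parses rule text in the syntax shown on this page and lists group machines whose rule set has no PREVENT entry for the machine itself. It assumes, as in the page's example, that the group machine's UID is written as its logonid; OPERATNS and the function names are made up for illustration.

```python
import re

# Tokens of the rule syntax shown on this page: $KEY(..), TYPE(..), UID(..), ALLOW, PREVENT.
TOKEN = re.compile(r"(\$KEY|TYPE|UID)\(([^)]*)\)|\b(ALLOW|PREVENT)\b", re.I)

def parse_rule_sets(text):
    """Return {key: {"type": str, "entries": [(uid, action), ...]}}."""
    rule_sets, current, pending_uid = {}, None, None
    for m in TOKEN.finditer(text):
        keyword, value, action = m.group(1), m.group(2), m.group(3)
        if keyword and keyword.upper() == "$KEY":
            current = {"type": None, "entries": []}
            rule_sets[value.upper()] = current
            pending_uid = None
        elif current is None:
            continue  # ignore anything before the first $KEY
        elif keyword and keyword.upper() == "TYPE":
            current["type"] = value.upper()
        elif keyword:  # UID(...) opens a rule entry
            pending_uid = value.upper()
        elif pending_uid is not None:  # ALLOW or PREVENT closes the entry
            current["entries"].append((pending_uid, action.upper()))
            pending_uid = None
    return rule_sets

def audit_group_rules(text, type_code="GRP"):
    """List group machines whose rule set lacks UID(<machine>) PREVENT."""
    findings = []
    for key, rule_set in parse_rule_sets(text).items():
        if rule_set["type"] != type_code:
            continue  # only the group logon type-code is audited
        if (key, "PREVENT") not in rule_set["entries"]:
            findings.append(key)
    return sorted(findings)

# Constructed sample: the first rule set is the page's example; OPERATNS is made up.
SAMPLE = """
$KEY(MAINT) TYPE(GRP)
 UID(TLC) ALLOW
 UID(MAINT) PREVENT
$KEY(OPERATNS) TYPE(GRP)
 UID(OPS) ALLOW
"""

if __name__ == "__main__":
    for machine in audit_group_rules(SAMPLE):
        print(f"{machine}: no PREVENT entry for the group machine itself")
```

If your site uses a type-code other than the default GRP in the RESCLASS VMO record, pass it as `type_code`.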
Copyright © 2009 CA Technologies.
All rights reserved.