CA ACF2 for z/VM minidisk file-level protection is split into a minidisk volume rule and separate CMS file rules. In the same way, CA ACF2 for z/VM SFS protection is split into two types of rules: directory access rules and file access rules.

The two models differ in one important respect. A user cannot access files on a minidisk unless he is authorized to link to the minidisk, but he can access files in an SFS directory without having the authority to access the directory itself. This is most easily done through an alias or through callable services library (CSL) routines. Users can also have write access to files in a directory for which they only have read authority. The main restriction is that a user who does not have read access to a directory cannot list the contents of that directory.

A user must have write authority to a directory to:
Additional authorization is necessary to manipulate each object in the directory. To provide directory-level authorization, the directory owner must write a directory access rule as part of his rule set. The SFS directory access rule is required to issue the CMS ACCESS command for the directory. The next two sections provide information on writing directory and file access rules for shared file systems.
Copyright © 2009 CA Technologies.
All rights reserved.