Writing Access Rules for SFS Directories

To access a file in an SFS directory, you need authorization to access the directory itself. You grant this authorization by writing a directory access rule as part of your rule set. The SFS directory access rule is required both to access files and to issue the CMS ACCESS command for the directory. For example, if TLCPJM tries to access TLCAMS’ directory UNITEDSTATES.ILLINOIS.CHICAGO, which resides in the APPLDATA filepool, he must issue the following command:

ACCESS APPLDATA:TLCAMS.UNITEDSTATES.ILLINOIS.CHICAGO E

Because TLCPJM does not own this directory, the directory is accessed in read-only mode by default. To allow this access, the following read access rule is required:

$KEY(TLCAMS)
 / FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) READ(A) -
 EXEC(A)

Even though some CMS commands (such as RENAME) can directly address SFS files without the directory being first accessed by the CMS ACCESS command, you still need the directory access rule because implied access is in effect for the duration of the file access. You can use standard CA ACF2 for z/VM masking characters for the filepool (abbreviated FP) and the directory values. User ID TLCPJM can explicitly request that this directory be accessed in write mode as follows:

ACCESS APPLDATA:TLCAMS.UNITEDSTATES.ILLINOIS.CHICAGO E (FORCERW

There are two types of SFS directories: File Control directories and Directory Control (DIRCONTROL) directories. File Control directories are the most common type. The above access rule would work even if the user only has READ authority for the directory. DIRCONTROL directories require both READ and WRITE access permission in the rule to authorize the access, as shown in the rule below:

$KEY(TLCAMS)
 / FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) -
 READ(A) WRITE(A) EXEC(A)

Because SFS directories accessed in write mode can also be read, you must always specify READ(A) when you specify WRITE(A) for SFS access rules.
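
The two requirements above (WRITE(A) must be accompanied by READ(A), and DIRCONTROL directories need both) can be checked mechanically when reviewing a rule set. The following Python sketch is an added example, not part of the product or its documentation. It parses only the rule syntax shown on this page, assumes a trailing hyphen continues an entry onto the next line, and uses constructed sample rules (the PEORIA and OHIO directories are invented for illustration).

```python
import re

# Constructed sample rule set using only the syntax shown on this page.
SAMPLE_RULES = """\
$KEY(TLCAMS)
 / FILEPOOL(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.CHICAGO) UID(TLCPJM) READ(A) -
 EXEC(A)
 / FP(APPLDATA) DIR(UNITEDSTATES.ILLINOIS.PEORIA) UID(TLCPJM) -
 WRITE(A) EXEC(A)
 / FP(APPLDATA) DIR(UNITEDSTATES.OHIO) UID(TLCPJM) READ(A) WRITE(A) EXEC(A)
"""
KEYWORD = re.compile(r"([A-Z$]+)\(([^)]*)\)")

# Keyed on (READ is A, WRITE is A). The rule text does not reveal the
# directory type, so the DIRCONTROL wording is a reminder, not a verdict.
STATUS = {
    (True, True): "READ+WRITE: sufficient for a DIRCONTROL directory",
    (True, False): "READ only: not sufficient for a DIRCONTROL directory",
    (False, True): "ERROR: WRITE(A) without READ(A)",
    (False, False): "no READ(A) or WRITE(A)",
}

def logical_lines(text):
    """Join lines ending in a continuation hyphen (assumed) with the next line."""
    out, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip().replace("\u2011", "-")  # pasted non-breaking hyphen
        if line.endswith("-"):
            pending += line[:-1].rstrip() + " "
        elif line or pending:
            out.append(pending + line)
            pending = ""
    return out

def parse_rules(text):
    """Return one dict of keyword values per rule entry, tagged with its $KEY."""
    key, entries = None, []
    for line in logical_lines(text):
        fields = dict(KEYWORD.findall(line.upper()))
        if "$KEY" in fields:
            key = fields["$KEY"]
        elif "DIR" in fields:
            # FP is the abbreviation of FILEPOOL; store both under one name.
            fields["FILEPOOL"] = fields.pop("FP", fields.get("FILEPOOL"))
            entries.append({"KEY": key, **fields})
    return entries

def audit(entries):
    """Return (directory, user ID, status) for every parsed rule entry."""
    return [(e["DIR"], e.get("UID"),
             STATUS[e.get("READ") == "A", e.get("WRITE") == "A"]) for e in entries]
```

Calling audit(parse_rules(SAMPLE_RULES)) reports the PEORIA entry as an error and the CHICAGO entry as read only, so a reviewer can see which entries would fail for a DIRCONTROL directory.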