WARN mode functions the same way as LOG mode, except that CA ACF2 for z/VM issues a warning message to the user when there is a violation to an access rule. With each warning message, CA ACF2 for z/VM also sends a site‑supplied warning message. The message instructs the user that in the future this access will be denied if the data owner or security administrator does not change the rule to allow access. WARN mode gives users who do not have permission to use the data a chance to inform the security administrator that they need access. CA ACF2 for z/VM also creates a logging for each of the accesses that are denied. Use WARN mode only for a limited period of time (two weeks is a reasonable guideline) to ensure that you refine rules as necessary. During that time, users have a chance to request any needed changes before migrating to ABORT mode and causing abends. If you run CA ACF2 for z/VM too long in WARN mode, it tends to make users ignore the messages and become impatient with the system.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|