Preparing for Database Sharing

Converting to Full Security › Sharing CA ACF2 for z/VM Databases › Preparing for Database Sharing

Preparing for Database Sharing

The following list describes some information for database sharing. Existing CA ACF2 for z/VM sites have additional information to consider if they run the database merge utility (ACFDBVSM). This information is pointed out below, where appropriate.

Passwords

When you log on for the first time under database sharing, you must use your most recently‑updated password. The PSWD‑TOD field of the logonid record indicates the date that you last changed your password.

Access rules

After ACFDBVSM processing, any rules that existed in both databases are merged.

Entry, scope, shift, and zone records

You should inspect these records before you implement database sharing. After the implementation, check these records for existence and accuracy. Only the records that are not duplicated by their VSAM counterparts should be added during ACFDBVSM processing.

UID

You must use the same UID structure on all systems so that CA ACF2 for z/VM interprets all rule sets the same way for all systems. Print specific logonid records with their associated access rules for later comparison.

Unique system control

If you want to exercise separate control over different VM systems in a shared database complex, consider having unique ACFFDRs for each system. With unique ACFFDRs, you can specify a separate SMFID so you know what system is being logged. You can control what systems users can to log onto, have unique or shared rules sets for command limiting, diagnose limiting, CA ACF2 for z/VM‑defined resources, and separate ATTACH rules.

SMF control

To identify which system an SMF logging occurred on, use the SMFID= operand of the @SMF macro in the ACFFDR. The SYSID macro in the ACFFDR is also recorded in the SMF records.

Command limiting and diagnose limiting control

For separate command limiting and diagnose limiting rule sets

Choose an MDLTYPE value for each unique system.
Compile the command models for each value. For example, if you have three systems installed, call them MDLTYPE=VMA, MDLTYPE=VMB, and MDLTYPE=VMC. Compile the model set under each MDLTYPE:
```
ACF
```
```
set model
```
```
MODEL
```
```
compile ZVMnnn mdltype(VMA) nolist
```
```
 .
```
```
 .
```
```
 .
```
```
compile ZVMnnn mdltype(VMB) nolist
```
```
 .
```
```
 .
```
```
 .
```
```
compile ZVMnnn mdltype(VMC) nolist
```
```
 .
```
```
 .
```
```
 .
```
Implement by setting the MDLTYPE operand of the CMDLIM VMO record to the designated value for each system.

CA ACF2 for z/VM‑defined resource control

To have unique system resource rules for CA ACF2 for z/VM‑defined resources, modify the TYPES option of the RESTYPE VMO record and write the appropriate resource rules.

DASD ATTACH control

To have unique ATTACH rules for each system, modify the ATTKEY option of the OPTS VMO record and write the appropriate system rules.