

ACFCVLNK - Creating Access Rules from CP Directory

This utility creates minidisk access rules from the CP directory. It takes the existing level of security implemented in your CP directory and creates a CMS file of access rules that exactly match your previous level of security.

After ACFCVLNK creates this CMS file, carefully review it to see what links the directory allows. Make changes as necessary before compiling the rule.

Prerequisites

Before you can run this utility, CA ACF2 for z/VM Release 3.2 or a later release must be up and running (even if it is in QUIET mode). You must also be running the Logonid databases you are going to use.

To define global authorizations, you should examine the sample file provided with this utility (explained in the next section).

Input File

A sample file named GLOBAL AUTH C is provided, as shown below.

Global authorizations allow all users read and write access to the disk. This file lets you avoid writing a separate rule for each user at your site, which would otherwise result in hundreds of separate rules.

MAINT 190 READ
MAINT 19D READ
MAINT 19E READ
*
* THE FOLLOWING IS A SAMPLE OF A GLOBAL WRITE AUTHORIZATION.
*
* MAINT 199 WRITE
*

Edit this file before you run ACFCVLNK. To allow write authority to all users for the MAINT 199 disk, just remove the asterisk (*) from the start of that line.

Running ACFCVLNK

Enter the following command to run this utility:

ACFCVLNK

It displays a series of prompts, as illustrated in the following screens.

acfcvlnk
ENTER FILENAME, FILETYPE, AND FILEMODE OF USER DIRECTORY FILE OR QUIT TO EXIT.
user direct b

The prompt asks you to enter the filename, filetype, and filemode of your site user directory. There is no default.

When you press Enter, you see this prompt.

ENTER FILENAME, FILETYPE, AND FILEMODE OF THE OUTPUT FILE TO CONTAIN YOUR GENERATED ACCESS RULES OR QUIT TO EXIT.
new rules a

This prompt requests the filename, filetype, and filemode of the CMS file where ACFCVLNK is to place the created access rules. When you press Enter, you see this prompt.

PLEASE ENTER FILENAME, FILETYPE, AND FILEMODE OF THE OUTPUT FILE TO CONTAIN DIRECTORY IDS WITH NO CORRESPONDING ACF2 LOGONID.
no lids a

This prompt asks you to name a holding file for the output of directory IDs that have no logonids associated with them.

After you define the file, press Enter, and you see this prompt.

ENTER:
4 - TO GENERATE 4-DIGIT BASED RULES (THE DEFAULT).
QUIT - TO EXIT.

This prompt asks you to select three-digit or four-digit rules. In the example, Enter was pressed to select the default (four-digit). The following prompt appears.

ENTER: FILENAME, FILETYPE, AND FILEMODE OF GLOBAL AUTHORIZATION FILE, QUIT TO EXIT, OR JUST PRESS ENTER TO SKIP GLOBAL AUTHORIZATIONS.
global auth c

This prompt asks you for the filename of the input file that contains the global authorizations (previously explained in the Input File section).

After you enter responses to all the above prompts, you see the ACFCVLNK processing on your screen as shown below.

Processing file GLOBAL AUTH C
Processing file USER DIRECT B
ACF2 logonid record for user $ALLOC$ does not exist.
ACF2 logonid record for user $DIRECT$ does not exist.
ACF2 logonid record for user $CP-NUC$ does not exist.
ACF2 logonid record for user $SYSCKP$ does not exist.
ACF2 logonid record for user $SYSWRM$ does not exist.
ACF2 logonid record for user $SPOOL$ does not exist.
ACF2 logonid record for user $UNAVAI$ does not exist.
ACF2 logonid record for user RSCS2 does not exist.
ACF2 logonid record for user CAIXA320 does not exist.
Now analyzing directory contents.
Userid PVM target ID MAINTSP not found
Userid PVM2 target ID MAINTSP not found
Creating file NEW RULES A
Processing complete.
Examine the file NEW RULES A carefully to determine the applicability of the generated rules to your installation. Once you make any necessary changes, you should then invoke the ACF command to compile the rules.

In the analyzing directory contents portion of the above display, notice the lines:

Userid PVM target ID MAINTSP not found
Userid PVM2 target ID MAINTSP not found

These lines point out links defined in the CP directory that are in error. In the above example, ACFCVLNK could not find MAINTSP.

Output

ACFCVLNK creates two files, as specified in your responses to the prompts.

Access Rule File

This file (specified as NEW RULES A) contains the newly created access rules.

$KEY(MAINT)
V0190.- UID(*) READ(A) EXEC(A)
V019E.- UID(*) READ(A) EXEC(A)
V019D.- UID(*) READ(A) EXEC(A)
V0191.- UID(RAD ) READ(A) EXEC(A)
V0191.- UID(AUTOLOG1 ) READ(A) EXEC(A)
V0191.- UID(SMART ) READ(A) EXEC(A)
V0319.- UID(CAI2VESA ) READ(A) EXEC(A)
V0191.- UID(CMSBATCH ) READ(A) EXEC(A)
$KEY(RAD)
V0191.- UID(MAINT ) READ(A) EXEC(A)
V0191.- UID(RAD ) READ(A) EXEC(A)
$KEY(PVM)
V0191.- UID(PVM6 ) READ(A) EXEC(A)
$KEY(BATCH)
V019E.- UID(BATCHXA1 ) READ(A) EXEC(A)

Carefully review this file and the next file before you compile the rule. Check to see if you can use rule masking to simplify and shorten the rule set.

Unmatched Logonids

This holding file (specified as NO LIDS A) contains those CP directory entries that had no corresponding CA ACF2 for z/VM logonids. Use it to decide if you need to create logonids for these entries.

$ALLOC$
$DIRECT$
$CP-NUC$
$SYSCKP$
$SYSWRM$
$SPOOL$
$UNAVAI$
VMXASP1
RSCS2
CAIXA320
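
One way to support the review of both output files, as an added example that is not part of the CA documentation: this Python code parses rule lines in the layout shown in the NEW RULES A listing and reports rules granted to UID(*) and rules whose UID names an ID from the unmatched-ID file. It assumes both files have been copied off the system as plain text and compares the UID value as a literal string; parse_rules and review are illustrative names, and the RSCS2 rule line in the sample is constructed.

```python
import re

# Rules taken from the NEW RULES A listing (a subset), plus one constructed line.
SAMPLE_RULES = """\
$KEY(MAINT)
V0190.- UID(*) READ(A) EXEC(A)
V019E.- UID(*) READ(A) EXEC(A)
V0191.- UID(RAD ) READ(A) EXEC(A)
$KEY(PVM)
V0191.- UID(PVM6 ) READ(A) EXEC(A)
V0191.- UID(RSCS2 ) READ(A) EXEC(A)
"""  # the RSCS2 line is constructed for this example
SAMPLE_NO_LIDS = "$ALLOC$\n$DIRECT$\nRSCS2\nCAIXA320\n"  # subset of NO LIDS A

KEY_RE = re.compile(r"^\$KEY\((\S+)\)$")
RULE_RE = re.compile(r"^(V[0-9A-F]{3,4})\.-\s+UID\(\s*(\S+?)\s*\)\s+(.+)$")
PERM_RE = re.compile(r"([A-Z]+)\(([A-Z])\)")

def parse_rules(text):
    """Return (owner, vaddr, uid, perms) tuples from a generated rule file."""
    owner, entries = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, rule = KEY_RE.match(line), RULE_RE.match(line)
        if key:
            owner = key.group(1)  # disk owner named in $KEY(...)
        elif rule and owner:
            entries.append((owner, rule.group(1), rule.group(2),
                            dict(PERM_RE.findall(rule.group(3)))))
        else:  # never skip a line silently during a security review
            raise ValueError(f"line {lineno}: unrecognised entry: {raw!r}")
    return entries

def review(rules_text, no_lids_text):
    """Collect global grants and grants to IDs that have no logonid."""
    unmatched = set(no_lids_text.split())
    entries = parse_rules(rules_text)
    return {
        "global": [e for e in entries if e[2] == "*"],
        "no_logonid": [e for e in entries if e[2] in unmatched],
    }

if __name__ == "__main__":
    for kind, hits in review(SAMPLE_RULES, SAMPLE_NO_LIDS).items():
        for owner, vaddr, uid, perms in hits:
            print(f"{kind:10} {owner} {vaddr} UID({uid}) {perms}")
```

A line that matches neither pattern, or a rule line that appears before any $KEY line, raises ValueError with its line number so nothing is skipped unreviewed.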

Compiling The Rules

After you are satisfied that the NEW RULES A file contains the correct data, use the ACF COMPILE or ACFCOMP command to compile the rules.