Previous Topic: Defining UsersNext Topic: Defining Access Rights to Tables

Using External Security for CA DatacomSecurity Interfaces, CA-ACF2 (z/OS and z/VSE)Defining Access Rights of a User

Defining Access Rights of a User

The following are examples of rules for securing various CA Datacom/DB utilities using CA ACF2. For details, see the documentation CA ACF2.

SET RESOURCE(DTU)
COMPILE
$KEY(PRODCXX) TYPE(DTU)
$USERDATA(CA Datacom rules for resource DTUTIL)
DBUTLTY.BACKUP.CXX     UID(USERA)  ALLOW
DBUTLTY.BACKUP.DATA   UID(USERA)  ALLOW
DBUTLTY.BACKUP.DATA   UID(USERB)  PREVENT
DBUTLTY.BACKUP.-  UID(USERC)  PREVENT
DBUTLTY.COMM.-  UID(USERA)  ALLOW
DBUTLTY.COMM.-  UID(*)  PREVENT
DBUTLTY.LOAD.- UID(USERA)  ALLOW
DBUTLTY.LOAD.- UID(USERB)  PREVENT
DBUTLTY.REPORT.- UID(*)  ALLOW
DB00001.PAY.LOAD UID(USERA)  ALLOW
DB00001.PAY.LOAD UID(USERB)  PREVENT
DB00001.PAY.BACKUP UID(USERA)  ALLOW
DB00999.- UID(USERC)  PREVENT
DB00999.- UID(*)  ALLOW
-  UID(*)  PREVENT
STORE

The following rules only allow USERA to create SQL schemas, drop tables, and have product administration authority for CA Datacom Datadictionary and CA Dataquery.

SET RESOURCE(DTA)
COMPILE
$KEY(PRODCXX) TYPE(DTA)
$USERDATA(CA Datacom rules for the Administrator)
-  UID(USERA)  ALLOW
-  UID(*)  PREVENT
STORE

For more information about the DTADMIN resource, see DTADMIN.