

Defining Access Rights to Tables

The following rules are examples for securing table access using CA ACF2.

Ten CA Datacom resource classes can control table access. Each is defined with access levels of READ, ADD, UPDATE, or DELETE. For more information about CA Datacom tables and multiple access levels, see Table Classes. CA ACF2 resource rules validate these resource classes using the default type codes DCT, DFT, DGT, DHT, DPT, DQT, DRT, DST, DTT, or DXT, unless a matching CLASMAP entry translates (maps) the resource class to a specific 3-byte resource type.

Note: Some sites have a site-defined CLASMAP entry for the resource mask "********" that maps to a TYPE code of SAF. In this case, the default for undefined resource classes is SAF rather than the first three characters of the resource class. To override this specific CLASMAP, add an entry for each CA Datacom resource class.

The following are example rule sets for the table resource classes.

SET RESOURCE(DCT)
COMPILE
$KEY(PRODCXX) TYPE(DCT)
$USERDATA(CA Datacom rules for table access)
dbid.tablename   UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(READ,DELETE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
dbid.tablename   UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERB)  SERVICE(READ)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE

SET RESOURCE(DTT)
COMPILE
$KEY(PRODCXX) TYPE(DTT)
$USERDATA(CA Datacom rules for table access)
DB00001.PAY  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
DB00001.PAY  UID(USERB)  SERVICE(READ,DELETE)  ALLOW
DB00001.PAY  UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
DB00001.PAY  UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
DB00001.PMF  UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
DB00001.PMF  UID(USERB)  SERVICE(READ)  ALLOW
DB00001.PMF  UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
DB00999.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
DB00999.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE

SET RESOURCE(DFT)
COMPILE
$KEY(PRODCXX) TYPE(DFT)
$USERDATA(CA Datacom rules for table access)
dbid.tablename   UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(READ,DELETE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
dbid.tablename   UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERB)  SERVICE(READ)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE

SET RESOURCE(DRT)
COMPILE
$KEY(PRODCXX) TYPE(DRT)
$USERDATA(CA Datacom rules for table access)
dbid.tablename   UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(READ,DELETE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
dbid.tablename   UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERB)  SERVICE(READ)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE

SET RESOURCE(DST)
COMPILE
$KEY(PRODCXX) TYPE(DST)
$USERDATA(CA Datacom rules for table access)
dbid.tablename   UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(READ,DELETE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
dbid.tablename   UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERB)  SERVICE(READ)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE

SET RESOURCE(DXT)
COMPILE
$KEY(PRODCXX) TYPE(DXT)
$USERDATA(CA Datacom rules for table access)
dbid.tablename   UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(READ,DELETE)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,UPDATE)  PREVENT
dbid.tablename   UID(USERC)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERA)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.tablename   UID(USERB)  SERVICE(READ)  ALLOW
dbid.tablename   UID(USERB)  SERVICE(ADD,DELETE,UPDATE)  PREVENT
dbid.-  UID(USERA)  SERVICE(READ,ADD,DELETE,UPDATE)  ALLOW
dbid.-  UID(*)  SERVICE(READ,ADD,DELETE,UPDATE)  PREVENT
-  UID(*)  ALLOW
STORE
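
As an added example (not part of the original documentation and not a CA tool), the following Python script reviews a rule set written in the layout shown above before it is compiled. It reports entries that do not follow the `resource UID(...) [SERVICE(...)] ALLOW|PREVENT` layout, a closing `- UID(*) ALLOW` entry that leaves every table not named earlier open to all users, and any access level that is both allowed and prevented for the same resource and UID. The sample rules are constructed, and treating an entry without SERVICE() as covering all four access levels is an assumption of the script.

```python
import re
from collections import defaultdict

SERVICES = ("READ", "ADD", "UPDATE", "DELETE")  # access levels named on the page
ENTRY = re.compile(
    r"^(?P<res>\S+)\s+UID\((?P<uid>[^)]*)\)"
    r"(?:\s+SERVICE\((?P<svc>[^)]*)\))?\s+(?P<action>ALLOW|PREVENT)$")

# Constructed sample in the layout of the page's DTT rule set (not a real site's rules).
SAMPLE = """\
$KEY(PRODCXX) TYPE(DTT)
DB00001.PAY  UID(USERB)  SERVICE(READ,DELETE)  ALLOW
DB00001.PAY  UID(USERB)  SERVICE(DELETE,UPDATE)  PREVENT
DB00999.-  UID(*)  ALL  PREVENT
-  UID(*)  ALLOW
"""

def audit(ruleset):
    """Return (findings, matrix); matrix maps (resource, uid) -> {service: {actions}}."""
    findings, matrix = [], defaultdict(lambda: defaultdict(set))
    for n, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("$") or line.split()[0] in ("SET", "COMPILE", "STORE"):
            continue  # control statements, not rule entries
        m = ENTRY.match(line)
        if not m:
            findings.append((n, "UNPARSED", line))
            continue
        # Assumption: an entry with no SERVICE() operand covers every access level.
        svcs = [s.strip() for s in m["svc"].split(",")] if m["svc"] else list(SERVICES)
        for s in svcs:
            if s not in SERVICES:
                findings.append((n, "UNKNOWN_SERVICE", s))
                continue
            matrix[(m["res"], m["uid"])][s].add(m["action"])
        # Catch-all entry: any table not matched by an earlier entry is open to every UID.
        if m["res"] == "-" and m["uid"] == "*" and m["action"] == "ALLOW":
            findings.append((n, "OPEN_DEFAULT", line))
    # Same resource, UID and access level carrying both ALLOW and PREVENT (line 0 = whole set).
    for (res, uid), per_svc in matrix.items():
        for s, actions in per_svc.items():
            if len(actions) > 1:
                findings.append((0, "CONFLICT", f"{res} UID({uid}) {s}"))
    return findings, matrix

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(*finding)
```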