Controlling the Use of FTP › How to Set Up a SAF Qualifier Under CA ACF2 for z/OS

How to Set Up a SAF Qualifier Under CA ACF2 for z/OS

To set up a SAF qualifier under CA ACF2 for z/OS

  1. Define an FTP rule type. 
    ACF
SET CON(GSO)
IN CLASMAP.FTP RESOURCE($FTP) RSRCTYPE(FTP) ENTITYLN(157)
END

    This maps $FTP SAF rules to an CA ACF2 for z/OS resource type of FTP. It also sets a maximum length for profile names.

  2. Compile a rule similar to the following to allow users access to appropriate FTP SAF rules:

    Note: Rule lines after the $KEY line must be in column 2.

    If you compile this rule in TSO, you must enter a blank line after the last rule line entry and before the STORE command.

    ACF
COMP *
$KEY(FTP) TYPE(FTP)
 saf-qualifier1.- UID(uid_string) SERVICE(READ) ALLOW
 saf-qualifier2.- UID(uid_string) SERVICE(UPDATE) ALLOW
 saf-qualifier3.- UID(uid_string) SERVICE(READ) PREVENT
 saf-qualifier4.- UID(uid_string) SERVICE(UPDATE) PREVENT
 saf-qualifier5.10.11.12.13.filename UID(uid_string) SERVICE(UPDATE) ALLOW

STORE
END

More information:

Examples of Using Your SAF Qualifier

Copyright © 2010 CA. All rights reserved.