The following security rule example executes for any TSO user attempting to access an RDF table. The rule contains logic that allows only specific users to access specific tables.
)SEC SQL*
)INIT
/* The purpose of this security rule is to allow only specific users */
/* to update specific RDF tables especially SSM type tables. */
/* Optionally, a GLOBAL.XX variable such as GLOBAL.SSM.USERS could */
/* contain a list of authorized SSM users. This variable could be */
/* used in all SSM SEC type rules and can be simply updated via */
/* OPSVIEW option 4.8. */
USERS = 'TSOUSR1 TSOUSR2 TSOUSR3 TSOUSR4' /* List of allowed users */
TABLES = 'STCTBL DASD_TBL MAJORNODES_TBL'
)PROC
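/* WORDPOS matches whole words only, so a partial user ID is not */
/* treated as a listed user. */
if WORDPOS(SEC.OPAUUSID,USERS) = 0 then
  do i = 1 to WORDS(TABLES)
    TBL = WORD(TABLES,i)
    if POS(TBL,SEC.AUSQSQST) > 0 then
      return 'REJECT'
  end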
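Added example (not from the CA documentation): a stand-alone REXX exec that replays the decision logic of the )SEC SQL* rule over constructed user IDs and SQL text, comparing a substring test of the user list (POS) with a whole-word test (WORDPOS). The sample IDs and statements, the decide routine and the 'pass' label are assumptions made for this illustration; no SEC. variables are used, so it runs in any standard REXX interpreter.

```rexx
/* REXX - added example, not part of the CA OPS/MVS documentation.   */
users  = 'TSOUSR1 TSOUSR2 TSOUSR3 TSOUSR4'   /* list from the rule   */
tables = 'STCTBL DASD_TBL MAJORNODES_TBL'    /* tables from the rule */

/* Constructed test cases: user ID first, then the SQL statement.    */
t.1 = 'TSOUSR1 UPDATE STCTBL SET MODE = 1'       /* listed user      */
t.2 = 'TSOUSR  UPDATE STCTBL SET MODE = 1'       /* prefix of an ID  */
t.3 = 'SOUSR2  DELETE FROM DASD_TBL'             /* inner fragment   */
t.4 = 'OPER9   SELECT * FROM OTHER_TBL'          /* table not listed */
t.5 = 'OPER9   UPDATE MAJORNODES_TBL SET X = 1'  /* unlisted user    */
t.0 = 5

do n = 1 to t.0
  parse var t.n uid sqltext
  sqltext = strip(sqltext)
  say left(uid,8) 'POS:' left(decide(uid,sqltext,'S'),7),
      'WORDPOS:' left(decide(uid,sqltext,'W'),7) '|' sqltext
end
exit 0

/* Decision logic of the SQL rule.                                   */
/* mode 'S' = substring test on the user list (POS)                  */
/* mode 'W' = whole-word test on the user list (WORDPOS)             */
/* 'pass' is this example's label for "no REJECT was returned".      */
decide: procedure expose users tables
  parse arg uid, sqltext, mode
  if mode = 'S' then listed = (pos(uid,users) > 0)
  else listed = (wordpos(uid,users) > 0)
  if listed then return 'pass'
  do i = 1 to words(tables)
    /* The table name is searched for anywhere in the SQL text,      */
    /* as in the rule.                                               */
    if pos(word(tables,i),sqltext) > 0 then return 'REJECT'
  end
  return 'pass'
```

The two columns differ only for the constructed IDs that are fragments of a listed ID, which is the case a whole-word test is meant to close.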
The following security rule demonstrates how to limit access to specific CA OPS/MVS facilities:
)SEC *
)PROC
/*********************************************************************/
/* Variable definitions : */
/* TSOID - Set to current requestor (SEC.OPAUUSID) */
/* AUTHUSERS - Set to authorized users as set in global variable */
/* OPSREQUEST - Set to the attempting OPSMAIN request */
/*********************************************************************/
TSOID = SEC.OPAUUSID
AUTHUSERS = OPSVALUE('GLOBAL1.OPSMAINP.USERS','O')
OPSREQUEST = SEC.TYPE
/*********************************************************************/
/* Set the security error message variable and reject any user not */
/* in the list of authorized users attempting to perform all */
/* OPSMAIN requests EXCEPT viewing the OPSLOG. */
/*********************************************************************/
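/* WORDPOS matches whole words only, so a partial user ID is not */
/* treated as an authorized user. */
if WORDPOS(TSOID,AUTHUSERS) = 0 & OPSREQUEST ¬= 'OPSBRW' then
  do
    ERRMSG = 'Unauthorized to issue OPSMAIN request -'OPSREQUEST
    SEC.OPAUERMG = ERRMSG
    return 'REJECT'
  end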
Copyright © 2011 CA.
All rights reserved.