The processing section of a rule that responds to a security event executes in the TSO users or batch address space that is attempting to invoke the specified CA OPS/MVS facility. Any type of logic that could possibly suspend the processing of an SEC rule, such as issuing a command and interrogating the output, or allocating and manipulating data sets is not practical and therefore is not allowed. The primary logic that should be incorporated in all security rules is to allow/disallow access to CA OPS/MVS facilities based on a check against the requester (TSO user, or possibly a batch job) of the facility.
Note: Security rules do not process facilities that are invoked from within other AOF rules.
The AOF execution limits apply to the processing section of a rule that responds to a security event.
|
Copyright © 2011 CA.
All rights reserved.
|
|