The DIRECTRY resource class is used to restrict user access to particular SFS directories. The syntax is as follow:
TSS PER(acid) DIRECTRY(directory[:subdirectory,],...)
[FILE(filename)] [POOL(filepool)] [ACCESS(level )]
Specifies the SFS directory name. You can optionally specify one or more subdirectories within that particular directory. Extended masking is supported using the %, *,and + characters. If you intend to use the “+” as a masking character, you should note that it is also considered a valid character for CMS directory and file names.
Up to five (5) directories can be specified per PERMIT.
Specifies a particular file or file prefix within that directory. The FILE parameter is optional.
Specifies a particular file pool (SFS server machine) in which the directory is located. This parameter is also optional and can be used when there are two like named directories existing on different file pools.
Specifies the type of access the ACID will have to that directory. DIRECTRY supports the following access level:
If no access level is specified, READ will be assumed. UPDATE access is only supported for files that currently exist in the directory.
Note: If you have stored commonly used or accessed EXECs or files on an SFS directory, you should PERMIT that directory to the ALL Record with an access level of READ.
We are enforcing the ICHCONN access authority requirements as documented in the IBM publication External Security Interface (RACROUTE) Macro Reference for MVS and VM (document number GC28-1366). CA Top Secret security products use the resource class IBMFAC for this authorization. In the case of Shared File System (SFS) security, the SFS service machine must be permitted to IBMFAC(ICHCONN) ACCESS(UPDATE) to successfully provide security. All service machines using RACROUTE to provide security require a similar permission to their security record.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|