Use the restore authorizations user exit, VMBEXIT3, to grant or deny users the ability to restore data. With this user exit, you can grant or deny all or specific users from restoring their own data as well as data backed up for other users, without having to give them CA VM:Backup system administrator authorization. VMBEXIT3 can also limit the time period from which users can select data to be restored.
CA VM:Backup calls the VMBEXIT3 user exit, specifying a keyword. VMBEXIT3 then returns information to CA VM:Backup indicating whether authorization is granted or denied.
VMBEXIT3 parameters are described in their own sections.
The restore authorizations user exit recognizes two levels of CA VM:Backup authorization:
This user exit is called for every end user restore request, from both full-screen and line-mode terminals.
CA VM:Backup calls the user exit during RESTORE and XRESTORE command line processing and when restore requests are issued from full-screen terminals. VMBEXIT3 is called for every keyword. For information about coding the user exit, see Comprehensive Exit.
VMBEXIT3 is never called when a CA VM:Backup system administrator submits a restore request. These restore requests include those submitted using:
VMBEXIT3 is also not called to request authorization to allow end users to restore data to their own virtual readers.
Use VMBEXIT3 to allow users to restore:
Use VMBEXIT3 to restrict users from restoring:
VMBEXIT3 can also limit the time period from which users can select source files, minidisks, and directories for restores.
CA VM:Backup makes several calls to VMBEXIT3 to check authorizations when processing a restore request from an end user. Up to four types of checks, in the following order, are performed:
The number of authorization checks is determined by the end user expertise level, which can be either novice or expert.
The following table outlines the authorization checks that VMBEXIT3 makes while processing restore requests initiated by novice users. Table rows are listed in the order that CA VM:Backup processes the calling argument keywords. For each keyword, a common question and answer is given regarding how the product processes the keyword.
|
Step |
Calling Argument Keyword |
Question |
Answer |
|---|---|---|---|
|
1 |
FORUSER |
Can the requesting user restore his own data? |
A novice user can only restore his own data; if authorization is denied at this step, the user cannot restore any data. The restore request ends. If authorization is granted, CA VM:Backup calls the user exit for the next authorization check. |
|
2 |
FORDATE |
What is the time period within which backed up data can be restored by the requesting user? |
VMBEXIT3 checks if the user is authorized to restore data during the time period selected. If the user is not authorized to restore data for this time period, the user exit must correct these dates to reflect the authorized dates. If the user exit changes the dates selected by the user, CA VM:Backup notifies the user that the dates were altered by VMBEXIT3, and provides the new dates. The user can either proceed using the authorized dates or end the restore request. If the user is authorized for the time period selected, the user exit does not have to alter the dates. |
After VMBEXIT3 grants authorization for the last keyword, FORDATE, CA VM:Backup processes the restore request in the usual manner.
The following table outlines the authorization checks that VMBEXIT3 makes while processing restore requests issued from expert users and from users executing the RESTORE and XRESTORE commands. Table rows are listed in the order that CA VM:Backup processes the calling argument keywords. For each keyword, a common question and answer is given regarding how the product processes the keyword.
|
Step |
Calling Argument Keyword |
Question |
Answer |
|---|---|---|---|
|
1 |
FORUSER |
Can the requesting user restore for the source user? |
The user exit can either grant or deny expert users authorization to restore for themselves or other users. If VMBEXIT3 denies authorization at this step and the RESTORE or XRESTORE command was entered, the restore request ends; full-screen users can select another user as the source for the restore. If authorization is granted, CA VM:Backup calls the user exit for the next authorization check. |
|
2 |
FORDATE |
What is the time period within which backed up data can be restored by the requesting user? |
VMBEXIT3 is called to check if the user is authorized to restore data backed up for the source user ID during the time period selected. If the user is not authorized to restore data for this time period, the user exit must correct these dates to reflect the authorized dates. If the user exit changes the dates selected by the user, CA VM:Backup notifies the user that the dates were altered by VMBEXIT3, and provides the new dates. If the user is authorized for the time period selected, the user exit does not have to alter the dates. If the user entered the RESTORE or XRESTORE command, CA VM:Backup uses the dates returned by the user exit to continue processing the request. From full-screen, the user can either proceed using the authorized dates or end the restore request. |
|
3 |
FORDISK and/or FORDIR |
Can the requesting user restore data from either a source user ID's minidisk or directory within the authorized time period? |
VMBEXIT3 is called for every backed-up minidisk or directory CA VM:Backup finds within the authorized time period. If the user is not authorized to restore from a backed-up minidisk, neither the minidisk nor any files from the minidisk are displayed for restore selection. If authorization is granted, either the minidisk or files from the minidisk are displayed for restore selection. If the user is not authorized to restore from a backed-up directory, neither the directory nor files from the directory are displayed for restore selection. If authorization is granted, either the directory or files from the directory are displayed for restore selection. |
|
4 |
TODISK or TODIR |
Can the requesting user restore data to either the specified target minidisk or directory? |
VMBEXIT3 is called to check if the user can restore the selected source data to the specified target minidisk or directory. If the user entered the RESTORE or XRESTORE command and authorization is denied, the restore request ends. If the user selected the destination for the restore from a full screen and authorization is denied, the user can either select a different target for the restore or end the request. This check is not performed if the target for the restore is a virtual reader. |
After VMBEXIT3 checks and grants authorization for the last keyword, either TODISK or TODIR, CA VM:Backup processes the restore request in the usual manner.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|