Use the QRULES command to query the rules database to determine what current rule governs a specific action. You do not want to create an authorization to make this command generally available because the QRULES command allows checking of access possibilities without journaling of invalid access attempts. (The RULEMAP command is appropriate for general users.)
You can use the QRULES command to determine the exact rule governing a specific request. The rules database is searched for the first, most specific rule.
Note: For more information about the format of the QRULES command, see the Reference Guide.
Examples
vmsecure qrules fraiserc logonby liliths
The system responds as follows:
REJECTED VIA SYSTEM DEFAULT
This means the governing rule is the SYSTEM default rule.
vmsecure qrules dianec tag 6670
The system responds as follows:
ACCEPTED VIA SYSTEM RULE: ACCEPT * TAG 6670
This means a system rule accepts all TAGs to the 6670 node.
vmsecure qrules rebeccah transfer liliths
The system responds as follows:
ACCEPTED VIA USER RULE: ACCEPT * SPOOL
LILITHS’s user rule for SPOOL commands accepts all SPOOL and TRANSFER commands.
vmsecure qrules sysoper link tekdbase 191
The system responds as follows:
REJECTED VIA GROUP RULE: REJECT OPERATNS LINK (GROUP HISTORY
vmsecure qrules sysoper link tekdbase 191 (group support
The system responds as follows:
ACCEPTED VIA NORULE DEFAULT
When SYSOPER is a member of security group OPERATNS, the user ID cannot perform the link based on a group level rule; when SYSOPER is a member of the security group SUPPORT, SYSOPER can perform the link successfully.
|
Copyright © 2014 CA.
All rights reserved.
|
|