Rules Facility Guide › Rules Reference › LOGON Rule › Description

Description

There are two ways to specify LDEV as a LOGON rule: as the requester parameter or as an option. The following two rules are equivalent:

ACCEPT LDEV LOGON (NOPASS
ACCEPT * LOGON (NOPASS LDEV

Note: To prevent users from writing LOGON rules with the NOPASS option, use the RULEUPDT user exit. For information about using the RULEUPDT user exit, see the Reference Guide.

Examples

• The following rule in the JOHN user rules file specifies that JOHN can be logged on from terminal address 0513 without specifying the JOHN logon password:

  ACCEPT 0513 LOGON (NOPASS
  

• To prevent users from logging on from logical device L0100, create the following system rule:

  REJECT 0100 LOGON (LDEV
  

• To limit a user ID to a single terminal, add records like the following to the user rules file for that user ID:

  ACCEPT 0044 LOGON
  REJECT * LOGON
  

  This allows the user to log on only from terminal address 0044. Attempts to log on from any other terminal addresses are rejected if no overriding rules exist at the system or group level. Make sure that the user you are restricting to terminal address 0044 does not have RULES authorization, which would allow him to modify his own rules file.

• To limit user IDs within one security group to a set of terminals, create a security group rules file containing records like the following:

  ACCEPT 0044‑0045 LOGON
  ACCEPT 0048 LOGON
  REJECT * LOGON
  

  If no overriding rules exist at the system level, these records allow members of the security group to log on only from the specified terminal addresses.

• To allow MARY to log on from a range of logical devices (C0009–C0014) and from home (IPV4 address 10.0.89.1) without specifying a password, add the following rules to the MARY user rules file:

  ACCEPT C009‑C014 LOGON (NOPASS LDEV
  ACCEPT 10.0.89.1 LOGON (NOPASS IPADDR
  

• To prevent any logon to user ID GEORGE from any type of terminal, resource ID, network ID, or logical device, add the following rule to the GEORGE user rules file:

  REJECT * LOGON
  

• To prevent any logon to GEORGE from a logical device, add the following rule to the GEORGE user rules:

  REJECT * LOGON (LDEV