There are two ways to specify LDEV as a LOGON rule: as the requester parameter or as an option. The following two rules are equivalent:
ACCEPT LDEV LOGON (NOPASS ACCEPT * LOGON (NOPASS LDEV
Note: To prevent users from writing LOGON rules with the NOPASS option, use the RULEUPDT user exit. For information about using the RULEUPDT user exit, see the Reference Guide.
Examples
ACCEPT 0513 LOGON (NOPASS
REJECT 0100 LOGON (LDEV
ACCEPT 0044 LOGON REJECT * LOGON
This allows the user to log on only from terminal address 0044. Attempts to log on from any other terminal addresses are rejected if no overriding rules exist at the system or group level. Make sure that the user you are restricting to terminal address 0044 does not have RULES authorization, which would allow him to modify his own rules file.
ACCEPT 0044‑0045 LOGON ACCEPT 0048 LOGON REJECT * LOGON
If no overriding rules exist at the system level, these records allow members of the security group to log on only from the specified terminal addresses.
ACCEPT C009‑C014 LOGON (NOPASS LDEV ACCEPT 10.0.89.1 LOGON (NOPASS IPADDR
REJECT * LOGON
REJECT * LOGON (LDEV
|
Copyright © 2014 CA.
All rights reserved.
|
|