Reference Guide › Configuration File Reference › DISPRULE Record (CA VM:Secure only) › Configuration File

Configuration File

DISPRULE is defined in the SECURITY CONFIG file.

Definitions

ALL

Displays a message after every command; the message indicates whether the action was accepted or rejected and shows the rule governing the action. This parameter is useful for testing rules you have just installed; after you have established the rules for your site, the REJECT parameter is usually more practical.

NORULE

Displays messages after commands that are governed by the NORULE record in the SECURITY CONFIG file.

REJECT

Displays the rule that caused a command to be rejected.

Description

The DISPRULE record displays information to your console about the rules that allow or disallow an action or indicates when no rules are found. It is valid only if you are using the CA VM:Secure Rules Facility. If there is no DISPRULE record in the SECURITY CONFIG file, no CA VM:Secure messages are displayed after any command request.

Examples

• The SECURITY CONFIG file contains a DISPRULE ALL record, and user ID DRACULA is covered by a system‑level rule that allows him to link to any minidisk. User DRACULA enters this command:

  link vmanager 191 333 rr
  

  CA VM:Secure displays the following messages:

  CP COMMAND ‘LINK VMANAGER 191 RR’
  ACCEPTED VIA SYSTEM RULE: ACCEPT DRACULA LINK (NOPASS HISTORY
  

• You have just installed the Rules Facility and are in the process of writing rules to restrict system access. Use the following DISPRULE record in combination with a NORULE log message to notify users of access requests that are currently accepted by a NORULE ACCEPT record in the CA VM:Secure SECURITY CONFIG file:

  DISPRULE NORULE
  

  Note: For more information about creating a NORULE log message, see LOGMSG Command. For more information about using the NORULE ACCEPT record, see NORULE Record.