

Resource Rule Masking

CA ACF2 provides the ability to "mask" resource names to simplify the specification of access rules for a group of users. To mask a resource rule, enter asterisks for each level of access you want to specify generically for users.

For example, to allow users access to all panels within the CA WA CA 7 Edition Database Maintenance Application, you could define the resource key name as L2DB****. The asterisks mask the last four positions of the panel ID, so the key matches any panel ID of the form L2DBxxxx, that is, any panel ID with a DB prefix. This permission does not authorize the users to perform all functions from each panel for Database Maintenance. A service level on the resource rule must specify authority for each function.

Note: CA ACF2 requires the use of Resident Directories to use Resource Rule masking. Resident Directories are sometimes required for other CA ACF2 options. For more information about Resource Rule Resident Directories, see the CA ACF2 Administrator Guide (for z/OS).

The following is an example CA WA CA 7 Edition panel resource rule:

  $KEY(L2DB1) TYPE(PAN)
  *
   UID(Local UID string)  SERVICE(READ,ADD,UPDATE,DELETE)  ALLOW
  *
  * The above rule allows users with matching UID strings to
  * access the Database Maintenance - Job Definition
  * panel (L2DB1) with full function authority.
  *
   UID(Local UID string)  SERVICE(READ)  ALLOW
  *
  * The above rule allows users with matching UID strings to
  * access the Database Maintenance - Job Definition panel
  * (L2DB1) with READ access authority only.
  *
   UID(Local UID string) PREVENT
  *
  * The above rule prevents access to the Database Maintenance -
  * Job Definition panel (L2DB1) for users with a matching UID
  * string.
$KEY(L2DB1)

Identifies the Database Maintenance - Job Definition panel. The L2 preceding the DB1 is the CA WA CA 7 Edition product code and is required.

TYPE(PAN)

Identifies the type of resource rule. If you have specified a resource type other than PANEL (see the SECURITY statement PCLASS keyword), substitute the CA ACF2 SAFDEF assigned to this resource type for PAN.

UID

Identifies the UID string of users for which this resource rule applies.

ALLOW

Allows users with a matching UID string access to the indicated resource.

PREVENT

Prevents users with a matching UID string from accessing the indicated resource.

SERVICE

Specifies authority for service level access to functions on each panel. Access to a panel does not grant full access to the functions contained on that panel. The valid service levels are READ, ADD, UPDATE, and DELETE.

Note: All CA WA CA 7 Edition panel and command resource rules under CA ACF2 require a resource type of PAN.

The following is an example CA WA CA 7 Edition "masked" panel resource rule:

  *
  $KEY(L2DB****) TYPE(PAN)
  *
   UID(Local UID string) SERVICE(READ) ALLOW
  *
  * The rule above uses Resource Rule "masking." The Resource name
  * has been "masked" using asterisks. This rule would allow any users
  * with a matching UID string access to all CA 7 Database Maintenance
  * panels with a service level of READ.
  *
$KEY(L2DB****)

Identifies any CA WA CA 7 Edition Database Maintenance panel by using Resource Rule masking. The asterisks mask the last four characters of the resource name allowing access to any panel with a prefix of L2DB.

TYPE(PAN)

Identifies the type of resource rule, as in the preceding example.

UID

Identifies the UID string of users for which this resource rule applies.

SERVICE(READ)

Identifies the level of access to this resource.

ALLOW

Specifies the CA ACF2 keyword used to grant access to this resource.

Note: CA ACF2 requires the use of Resident Directories to use Resource Rule masking. Other CA ACF2 options sometimes require Resident Directories. For more information about Resource Rule Resident Directories, see the CA ACF2 Administrator Guide (for z/OS).
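To make the masking and service-level behaviour concrete, here is an added Python simulator (example code written for this page, not part of CA ACF2 or CA WA CA 7 Edition) that parses rule sets in the layout shown above and evaluates a panel access request. Its matching semantics are simplifying assumptions: each asterisk masks exactly one character position, with the resource name blank-padded to the mask length; a UID string in a rule matches any user UID that begins with it; only the most specific matching $KEY (fewest asterisks) is consulted; and within it the first entry whose UID and SERVICE match decides. The UID strings TECH, OPS, TEMP and AUD are constructed. The CA ACF2 Administrator Guide remains the authority on real rule precedence.

```python
"""
Added example, not CA's code: a small simulator of CA ACF2 panel resource-rule
evaluation with $KEY masking. It shows what a masked key such as L2DB****
grants (access to every L2DBxxxx panel) and what it does not grant (service
levels the entry omits). All matching semantics here are assumptions.
"""
import re
from dataclasses import dataclass, field

@dataclass
class Entry:
    uid: str             # UID string; assumed to match as a prefix of the user's UID
    services: frozenset  # SERVICE levels; empty = entry names no SERVICE (all levels)
    action: str          # "ALLOW" or "PREVENT"

@dataclass
class Rule:
    key: str             # $KEY value; '*' masks one character position (assumption)
    rtype: str           # TYPE value, e.g. PAN
    entries: list = field(default_factory=list)

KEY_RE = re.compile(r"\$KEY\(([^)]*)\)\s+TYPE\(([^)]*)\)")
ENTRY_RE = re.compile(r"UID\(([^)]*)\)(?:\s+SERVICE\(([^)]*)\))?\s+(ALLOW|PREVENT)")

def parse_rules(text: str) -> list:
    """Parse one or more rule sets in the layout used on this page.
    Lines whose first non-blank character is '*' are comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        m = KEY_RE.match(line)
        if m:
            rules.append(Rule(key=m.group(1).upper(), rtype=m.group(2).upper()))
            continue
        m = ENTRY_RE.match(line)
        if m and rules:
            svc = (frozenset(s.strip().upper() for s in m.group(2).split(","))
                   if m.group(2) else frozenset())
            rules[-1].entries.append(Entry(m.group(1).upper(), svc, m.group(3)))
    return rules

def key_matches(mask: str, resource: str) -> bool:
    """'*' masks one character; the resource is blank-padded to the mask length,
    so L2DB**** covers L2DB1 as well as L2DB1234 (assumption)."""
    if len(resource) > len(mask):
        return False
    padded = resource.ljust(len(mask))
    return all(m == "*" or m == r for m, r in zip(mask, padded))

def check(rules: list, rtype: str, resource: str, user_uid: str, service: str) -> str:
    """Return 'ALLOW', 'PREVENT' or 'NO RULE' (no matching entry, so access is not granted).
    Only the most specific matching $KEY is consulted; within it the first entry whose
    UID prefix and SERVICE match decides. Both are simplifications (assumption)."""
    service = service.upper()
    candidates = [r for r in rules
                  if r.rtype == rtype.upper() and key_matches(r.key, resource.upper())]
    if not candidates:
        return "NO RULE"
    rule = min(candidates, key=lambda r: r.key.count("*"))
    for e in rule.entries:
        if user_uid.upper().startswith(e.uid) and (not e.services or service in e.services):
            return e.action
    return "NO RULE"

# Constructed sample rules: the specific L2DB1 rule from the page plus the masked rule.
# UID strings TECH, OPS, TEMP and AUD are invented for illustration.
SAMPLE_RULES = """
  $KEY(L2DB1) TYPE(PAN)
  *
   UID(TECH)  SERVICE(READ,ADD,UPDATE,DELETE)  ALLOW
   UID(OPS)   SERVICE(READ)  ALLOW
   UID(TEMP)  PREVENT
  *
  $KEY(L2DB****) TYPE(PAN)
  *
   UID(AUD) SERVICE(READ) ALLOW
"""
RULES = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    requests = [("L2DB1", "TECH01", "UPDATE"), ("L2DB1", "OPS01", "UPDATE"),
                ("L2DB1", "TEMP01", "READ"), ("L2DB3", "AUD01", "READ"),
                ("L2DB3", "AUD01", "UPDATE"), ("L2QM1", "AUD01", "READ")]
    for panel, uid, svc in requests:
        print(f"{panel:<9}{uid:<8}{svc:<7} -> {check(RULES, 'PAN', panel, uid, svc)}")
```

Note the two outcomes that the masked rule alone does not make obvious: the AUD user gets READ on L2DB3 through L2DB****, but an UPDATE request on the same panel finds no matching SERVICE and is not granted, and an OPS user whose entry names only READ is likewise not granted UPDATE on L2DB1. Under this simulator's most-specific-key assumption, the masked rule is also never consulted for L2DB1 itself because a specific $KEY(L2DB1) rule exists.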