You can prevent unauthorized access to LOGONIDs under CA WA CA 7 Edition. Define SUBMIT resource rules to CA ACF2 to restrict the ability of users to access LOGONIDs other than their own. Generally LOGONIDs that are associated with a given user have established access authority that restricts their access to specific areas of responsibility. The following CA ACF2 commands can be used to define a SUBMIT resource rule under CA ACF2 for a LOGONID to use under CA WA CA 7 Edition. If you have specified a resource type other than SUBMIT (see the SECURITY statement SCLASS keyword), substitute the CA ACF2 SAFDEF assigned to this resource type for SUB.
An example of CLASMAP follows:
CLASMAP.SUB RESOURCE(SUBMIT) RSRCTYPE(SUB)
The following is an example CA WA CA 7 Edition SUBMIT resource rule:
$KEY(CA7USER) TYPE(SUB) * UID(Local UID string) ALLOW * * The above rule allows users with matching UID strings access * to the LOGONID CA7USER. * UID(Local UID string) PREVENT * * The above rule disallows users with matching UID strings access * to the LOGONID CA7USER. *
Identifies the LOGONID, used in this example, for which this SUBMIT resource rule applies.
Identifies the resource rule type. In this case SUB for SUBMIT.
Identifies the UID string for which this resource rule applies.
This example illustrates giving SUBMIT authority from one USERID to another.
* $KEY(USERID2) TYPE(SUB) * UID(Local UID string) SERVICE(READ) ALLOW * *
Identifies the USERID for which the local UID string has submit authority.
Identifies as submit authority. If you have specified a resource type other than SUBMIT (see the SECURITY statement SCLASS keyword), use the RSRCTYPE(…) defined on the CLASMAP definition.
Identifies the UID string of users for which this resource applies.
Identifies the level of access to this resource.
Specifies the CA ACF2 keyword used to grant access to this resource.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|