
Windows-mode security

For windows-mode security, the following parameters are used:

| Parameter | Description |
|---|---|
| ESMTYPE(AUTO) | MainView automatically determines which ESM is installed and active. |
| CLASS('$BBM') NEXT - 'MainView' | The default security class of $BBM is transformed to class MainView by use of a NEXT statement. |

To protect MainView for DB2 windows-mode resources, the site grants the following access:

  • The Technical Services staff has access to all product data and actions on all DB2 systems.

  • All other users have read-only access to product data.

  • Some users are prevented from accessing certain DB2 systems (for example, the Production Staff is denied access to test systems).

To define this security environment, the site uses CA ACF2 rules as shown below.

Sample CA ACF2 rules for MainView for DB2, windows mode

*********************************************************************** 
* MainView RULES FOR WINDOW-MODE FOR MainView FOR DB2                   
*                                                                       
* FORMAT CONTEXT (1ST LEVEL)...BBM.SYS?.MVDB2.DB2?.TA                   
* FORMAT VIEW....(2ND LEVEL)...BBM.MVDB2.DB2?.INTTABLE.ACTION           
*                                                                       
*- NOTE : SEE MANUAL 'IMPLEMENTING SECURITY' FOR DETAIL        
*********************************************************************** 
$KEY(MVDB2) TYPE(MVW)                                                   
$PREFIX(BBM)                                                            
*********************************************************************** 
* appl1    = APPLICATION 1                                              
* appl2    = APPLICATION 2                                              
* devdba   = DEV DBA                                                    
* operator = OPERATIONS STAFF                                           
* prodexpl = PROD/EXPLOITATION STAFF 
*********************************************************************** 
* TECHNICAL SERVICES ACCESS (1ST LEVEL)                                 
*********************************************************************** 
 -.MVDB2.-            UID(sysprog) ALLOW                                
 -.MVDB2.-            UID(techdba) ALLOW                                
 -.MVDB2.-            UID(-) PREVENT 
*********************************************************************** 
* OPERATIONS STAFF ACCESS (1ST LEVEL) ALL DB2                           
*********************************************************************** 
-.MVDB2.-             UID(operator) ALLOW 
*********************************************************************** 
* PRODUCTION STAFF ACCESS (1ST LEVEL) ALL DB2 BUT TEST                  
*********************************************************************** 
-.MVDB2.-             UID(prodexpl) ALLOW                               
SYSD.MVDB2.-          UID(prodexpl) PREVENT                             
SJSD.MVDB2.-          UID(prodexpl) PREVENT 
*********************************************************************** 
* DBA/DEV (1ST LEVEL)                                                   
*********************************************************************** 
SYSA.MVDB2.-          UID(devdba) ALLOW                                 
SYSC.MVDB2.-          UID(devdba) ALLOW                                 
SYSE.MVDB2.DB2M.-     UID(devdba) ALLOW                                 
SYSE.MVDB2.DB2C.-     UID(devdba) ALLOW                                 
SYSH.MVDB2.-          UID(devdba) ALLOW                                 
SYSJ.MVDB2.-          UID(devdba) ALLOW                                 
SYST.MVDB2.DB1S.-     UID(devdba) ALLOW 
*********************************************************************** 
* APPLICATION 1 (1ST LEVEL)                                             
*********************************************************************** 
SYSP.MVDB2.-          UID(********appl1) ALLOW                          
SYSP.MVDB2.-          UID(********appl2) ALLOW                          
*********************************************************************** 
* APPLICATION 2 (1ST LEVEL)                                             
*********************************************************************** 
SYST.MVDB2.DB2V.-     UID(********appl2) ALLOW                          
SYSE.MVDB2.DB2W.-     UID(********appl2) ALLOW 
*********************************************************************** 
* VIEWS ACCESS (2ND LEVEL) FOR TECHNICAL SERVICES                       
* ALL ACCESS                                                            
*********************************************************************** 
MVDB2.-          UID(sysprog) ALLOW                                     
MVDB2.-          UID(techdba) ALLOW                                     
*********************************************************************** 
* VIEWS ACCESS (2ND LEVEL) FOR EVERYBODY ELSE 
* BROWSE ACCESS (OD)                                                    
*********************************************************************** 
MVDB2.-          UID(-) PREVENT                                         
MVDB2.-.-.OD     UID(-) ALLOW                                           
***********************************************************************
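
The following added example (not part of the original documentation and not CA ACF2 or MainView code) is a simplified Python model for checking that a subset of the first-level rules above yields the access the site intends. It assumes that the most specific key mask is tried first, then the most specific UID mask, that the first entry matching both decides, and that a UID mask matches as a prefix of the UID string; the DB2 subsystem names and UID strings in the sample requests are constructed.

```python
import re

# First-level (context) rules taken from the sample above: (key mask, UID mask, action).
RULES = [
    ("-.MVDB2.-",         "sysprog",       "ALLOW"),
    ("-.MVDB2.-",         "techdba",       "ALLOW"),
    ("-.MVDB2.-",         "-",             "PREVENT"),
    ("-.MVDB2.-",         "operator",      "ALLOW"),
    ("-.MVDB2.-",         "prodexpl",      "ALLOW"),
    ("SYSD.MVDB2.-",      "prodexpl",      "PREVENT"),
    ("SJSD.MVDB2.-",      "prodexpl",      "PREVENT"),
    ("SYSE.MVDB2.DB2M.-", "devdba",        "ALLOW"),
    ("SYSP.MVDB2.-",      "********appl1", "ALLOW"),
]

def matches(mask, text, prefix=False):
    # Assumed mask semantics: '*' is exactly one character, '-' is any run of characters.
    pattern = "".join(".*" if c == "-" else "." if c == "*" else re.escape(c) for c in mask)
    # With prefix=True the mask only has to match the start of the text (UID strings).
    return re.fullmatch(pattern + (".*" if prefix else ""), text) is not None

def literals(mask):
    # Specificity score for this simplified model: count of non-mask characters.
    return sum(c not in "*-" for c in mask)

def decide(resource, uid):
    # Most specific key first, then most specific UID; the first entry matching both wins.
    ordered = sorted(RULES, key=lambda r: (literals(r[0]), literals(r[1])), reverse=True)
    for key, uid_mask, action in ordered:
        if matches(key, resource) and matches(uid_mask, uid, prefix=True):
            return action
    return "PREVENT"  # no entry matched: deny by default

# Constructed requests: resource names follow the SYS?.MVDB2.DB2?.TA context format with
# the BBM prefix dropped; subsystem names and UID strings are made up for illustration.
CASES = [
    ("SYSD.MVDB2.DB2T.TA", "sysprog01"),      # Technical Services on a test system
    ("SYSD.MVDB2.DB2T.TA", "prodexpl7"),      # Production Staff on a test system
    ("SYSP.MVDB2.DB2P.TA", "prodexpl7"),      # Production Staff elsewhere
    ("SYSE.MVDB2.DB2W.TA", "devdba02"),       # DEV DBA outside the granted DB2 systems
    ("SYSP.MVDB2.DB2P.TA", "FINDEPT1appl1"),  # Application 1 user (8 characters + appl1)
]

if __name__ == "__main__":
    for resource, uid in CASES:
        print(f"{uid:14} {resource:20} {decide(resource, uid)}")
```
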

