|
  
SafeAccess terminology
SafeAccess introduces some new terms to VM. Use of these terms enables us to differentiate between a virtual minidisk on DASD and a virtual minidisk that has been migrated to SFS with SafeAccess.
SACDISK
A SACDISK is a CMS minidisk that has been migrated to SFS with SafeAccess. SACDISKs are defined in the SafeAccess database while MDISKs or virtual minidisks are defined in the CP directory.
SACLINK
A SACLINK is a simulation of a link statement in the CP directory. A SACLINK points to a SACDISK. SACLINKs are defined in the SafeAccess database.
SACDEV/SDEV
A SACDEV, or SDEV, is an active link by a userid to a SACDISK. An SDEV is similar to a VM VDEV, the difference being that SafeAccess manages SDEVs while VM manages VDEVs. Like a VDEV, an SDEV contains a virtual device address. A userid should never have both an SDEV and a VDEV with the same virtual address. SafeAccess enforces this.
SafeAccess Interceptions
SafeAccess uses CP Exits to modify the behavior of CP minidisk related commands and functions. SafeAccess uses CMS nucleus extensions to modify the behavior of CMS minidisk related commands and functions. These CP Exits and CMS nucleus extensions are called SafeAccess Interceptions or, more specifically, CP Interceptions and CMS Interceptions.
IGNORED
You can designate "ignored" users. SafeAccess never does anything for actions taken by an IGNORED user. For example, if you IGNORE MAINT and user MAINT issues a LINK to a SACDISK, it will fail as "Not in CP Directory".
SACMODE rules
When SafeAccess works with a SafeSFS controlled file pool, it creates special SafeSFS rules called SACMODE rules. When a user links a SACDISK, SACMODE rules enforce Read Only and Read Write modes that are specified on the LINK command. SACMODE rules override all other access control rules. This allows a user that has Write authority for a directory containing a SACDISK to link it with a Read mode and be guaranteed only READ access to the data in the directory while they have the SACDISK linked.
SACPASS rules
SafeSFS has a special rule option called SACPASS. These can be used when SafeAccess works with a SafeSFS controlled file pool. A SafeSFS SACPASS rule allows READ, WRITE, or MULT access if and only if the issuing user can specify the appropriate password. SACPASS rules are used to simulate minidisk link password based access control. SACPASS rules effectively give you link passwords for SFS. SACPASS rules are ignored when SACDISKs are accessed directly using SFS facilities.
|
