
    Verify the SafeAccess Implementation


This section walks you through a test of the SafeAccess facility by creating a SafeAccess Migrated Minidisk and testing your ability to access the disk. Two different tests are given; choose the one that is appropriate to your installation.

If you are using SafeSFS
This test assumes that you have SafeSFS controlling the filepool that you will use in the test. To perform the test you will need a SafeSFS controlled filepool in which you are enrolled and have space available.

Step 1: Choose a test userid, virtual address, and SFS Directory to contain the Migrated Minidisk:
For this test you should pick a userid that exists and a virtual address that does not exist. For example, you might choose OPERATOR 500 (assuming OPERATOR 500 does not exist). Select a filepool that is SafeSFS controlled and in which OPERATOR is enrolled and has space available. For example, you might have a filepool named TESTFP, which is what we'll call it for the rest of this test. The last thing to do is to create a directory in this filepool for the userid that will contain the "contents" of this Migrated Minidisk. For example, you might choose "TESTFP:OPERATOR.MD500."

In our test, we'll assume that you made the following choices. Replace these throughout this test with your choices.
· Userid: OPERATOR
· Minidisk: 500
· Directory that will contain contents of OPERATOR 500: TESTFP:OPERATOR.MD500.

Step 2: Add OPERATOR 500 to the SafeAccess database:
Issue the SafeAccess Add command:
SAFEACC ADD MDISK OPERATOR 500 TSTLAB 20 3390 TSTVOL 20 MR RPASS ALL WPASS WRITE MPASS MULT TESTFP:OPERATOR.MD500.

This command adds an entry in the SafeAccess database for OPERATOR 500 that specifies:
· CMS Label: TSTLAB
· CMS size (CYL on QUERY DISK): 20
· DEVTYPE: 3390
· CP Volser: TSTVOL
· CP Size (See CP QUERY VIRTUAL vdev): 20
· LINKMODE: MR
· Read Password: ALL
· Write Password: WRITE
· Multiple Password: MULT

Step 3: Create TESTFP:OPERATOR.MD500.
Create the directory that will contain the migrated minidisk:
CREATE DIR TESTFP:OPERATOR.MD500.

Note that you may need to be authorized to do this by issuing:
SAFESFS ADD USRDFLT ACCEPT myuserid WRITE TESTFP:OPERATOR.

If you do add this rule, be sure to remove it after creating the directory with:
SAFESFS DELETE USRDFLT ACCEPT myuserid WRITE TESTFP:OPERATOR.MD500.

Step 4: Create an access control rule to allow you to LINK the disk R/W without a password:
SAFESFS ADD USRDFLT ACCEPT myuserid WRITE TESTFP:OPERATOR.MD500.

Step 5: Test LINK
CP LINK OPERATOR 500 500 W

You should now have a virtual device at address 500. Test this with:
CP QUERY V 500

You should see the response:
DASD 0500 3390 TSTVOL R/W 20 CYL ON DASD SDSK SUBCHANNEL = FFFF

Step 6: Test ACCESS
ACCESS 500 T

You should now have 500 accessed as T. Test this with:
QUERY DISK T

You should see the response:
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL
TSTLAB 500 T R/W 20 3390 4096 0 0-00 150 150

Note: BLKS values will vary depending on the number of blocks in use and authorized for this userid.

Step 7: Test file creation
XEDIT TEST FILE T

Add a record or two and file it. Test this with:

QUERY DISK T

You should see the response:
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL
TSTLAB 500 T R/W 20 3390 4096 1 1-00 149 150

Note: You should now see one file on this disk.

Step 8: Test R/O Link:
RELEASE T ( DET
LINK OPERATOR 500 500 RR
ACCESS 500 T

Test this with:
CP Q V 500
You should see:
DASD 0500 3390 TSTVOL R/O 20 CYL ON DASD SDSK SUBCHANNEL = FFFF
Note: Linkmode should now be R/O

Test CMS with:
QUERY DISK T
You should see:
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL
TSTLAB 500 T R/O 20 3390 4096 1 1-00 149 150
Note: You should see STAT of R/O and one file.

Test R/O status:
XEDIT TEST FILE T
Add a record or two and attempt to file it. You should get the response:
DMSXFI1258E Not authorized to write file TEST1 FILE T1

RELEASE T ( DET
This releases and detaches the disk.

Step 9: Create SACPASS rule
SAFESFS DELETE USRDFLT ACCEPT myuserid WRITE TESTFP:OPERATOR.MD500.
SAFESFS ADD USRDFLT ACCEPT myuserid WRITE TESTFP:OPERATOR.MD500. ( SACPASS

This creates a rule that only allows access if the issuer can supply the correct password.

Step 10: Test R/O LINK:
CP LINK OPERATOR 500 500 RR
Test this with:
CP Q V 500
You should see:
DASD 0500 3390 TSTVOL R/O 20 CYL ON DASD SDSK SUBCHANNEL = FFFF
Note: Linkmode should now be R/O

Step 11: Test R/W LINK:
CP LINK OPERATOR 500 500 W
You should be prompted for the WRITE password. Enter it (WRITE).

Test this with:
CP Q V 500
You should see:
DASD 0500 3390 TSTVOL R/W 20 CYL ON DASD SDSK SUBCHANNEL = FFFF
Note: Linkmode should now be R/W

Issue DET 500 to detach the device.

SafeAccess has now been verified to work with the TESTFP filepool. You should perform this test with every SafeSFS controlled filepool.
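
As an added example (not part of the SafeAccess documentation or product), the following Python code checks captured CP QUERY VIRTUAL and CMS QUERY DISK responses against the values defined in Step 2 and the link mode expected at each step, which is useful when repeating the test for every filepool. The function names, and the assumption that console responses have been captured as text lines, are illustrative only.

```python
import re

# Expected attributes, from the SAFEACC ADD MDISK command in Step 2 of the page.
EXPECTED = {"vdev": "0500", "devtype": "3390", "volser": "TSTVOL",
            "cyl": 20, "label": "TSTLAB"}

CP_DASD = re.compile(r"DASD\s+(?P<vdev>[0-9A-F]{4})\s+(?P<devtype>\S+)\s+"
                     r"(?P<volser>\S+)\s+(?P<mode>R/[WO])\s+(?P<cyl>\d+)\s+CYL")

def parse_cp(line):
    """Parse a CP QUERY VIRTUAL DASD response line; None if unrecognised."""
    m = CP_DASD.match(line.strip())
    return dict(m.groupdict(), cyl=int(m["cyl"])) if m else None

def parse_cms(line):
    """Parse the data line of a CMS QUERY DISK response; None if unrecognised."""
    f = line.split()
    if len(f) < 8 or not (f[4].isdigit() and f[7].isdigit()):
        return None
    return {"label": f[0], "vdev": f[1].zfill(4), "mode": f[3],
            "cyl": int(f[4]), "devtype": f[5], "files": int(f[7])}

def check_step(step, want_mode, cp_line, cms_line=None, want_files=None):
    """Return a list of mismatches between captured responses and expectations."""
    want = dict(EXPECTED, mode=want_mode)
    found = [("CP", parse_cp(cp_line))]
    if cms_line is not None:
        found.append(("CMS", parse_cms(cms_line)))
        if want_files is not None:
            want["files"] = want_files
    problems = []
    for source, got in found:
        if got is None:
            problems.append(f"{step}: unrecognised {source} response")
            continue
        for key, value in got.items():
            if key in want and value != want[key]:
                problems.append(
                    f"{step}: {source} {key}={value!r}, expected {want[key]!r}")
    return problems

# Sample responses: the expected output lines shown on this page.
CP_RW = "DASD 0500 3390 TSTVOL R/W 20 CYL ON DASD SDSK SUBCHANNEL = FFFF"
CP_RO = "DASD 0500 3390 TSTVOL R/O 20 CYL ON DASD SDSK SUBCHANNEL = FFFF"
CMS_RO = "TSTLAB 500 T R/O 20 3390 4096 1 1-00 149 150"

if __name__ == "__main__":
    print(check_step("Step 8", "R/O", CP_RO, CMS_RO, want_files=1))
    print(check_step("Step 10", "R/O", CP_RW))  # an R/W link where R/O is expected
```

A non-empty result for a step that expects R/O means the link was granted with more access than the rule under test should allow.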
