In this section: |
There are two options for using an external password security system with FOCUS:
How to: Reference: |
The FOCUS/CA-ACF2 Interface is an optional FOCUS facility that integrates FOCUS security features with the CA-ACF2 file security system. It provides the following benefits to FOCUS users and security administrators:
Each logon ID exists on a CA-ACF2 LOGONID record and is paired with a FOCUS user ID that provides access to FOCUS data sources. Upon entering FOCUS, the CA-ACF2 Interface infers the FOCUS user ID from the user-supplied logon ID. This FOCUS user ID is maintained for the duration of the session, and may or may not be overridden by the user. The result of the inference is equivalent to issuing the FOCUS command
SET USER = userid
Once installed, FOCUS users see no difference between the default version of FOCUS and the CA-ACF2 protected version until they attempt to override the FOCUS user IDs. Database administrators can use the CA-ACF2 CHANGE command to assign FOCUS user IDs to logon IDs as default or imposed FOCUS user IDs.
The LOGONID record contains a default FOCUS user ID that the user can override, which can be up to eight bytes long and is inferred for the LOGONID record for the user.
To assign a default FOCUS user ID for a logon ID, use the CHANGE command and specify a FOCUS user ID (up to eight bytes long) that does not end in a period. For example, if logon user SMITH wishes to access the data as TOM, he (or the /jadministrator) would issue the following CA-ACF2 command:
CHANGE SMITH FOCUSID(TOM)
This is functionally equivalent to issuing the FOCUS command
SET USER = TOM
or
SET PASS = TOM
issued by userid SMITH. SMITH could override this latest access by issuing another SET USER or SET PASS command, or a Dialogue Manager -PASS command.
When the CA-ACF2 LOGONID record contains an imposed FOCUS user ID, the user cannot override it. An imposed FOCUS user ID can have up to seven bytes plus a period, for a maximum length of eight bytes.
To assign an imposed FOCUS user ID to a logon ID, use the CA-ACF2 CHANGE command and include a period (.) at the end of the FOCUS user ID. For example,
CHANGE SMITH FOCUSID(TOM.)
This assigns an imposed FOCUS user ID of TOM. for logon ID, SMITH. In this case, the user operates FOCUS with an imposed level of access to FOCUS files that he cannot change. FOCUS behaves as if user SMITH had entered
SET USER = TOM
as his first FOCUS command. However, the period at the end of the FOCUS user ID in the LOGONID record prevents the user from overriding this level of access. Any attempt to override the imposed ID results in a FOCUS diagnostic message.
It is not necessary to identify all possible FOCUS users in the CA-ACF2 LOGONID records. Users whose LOGONID records provide no FOCUS user ID operate FOCUS as if the FOCUS/CA-ACF2 Interface were not installed. If they wish to access files protected by FOCUS security features, they must identify themselves through an explicit SET USER or SET PASS command or the Dialogue Manager -PASS command.
To install the FOCUS/CA-ACF2 Interface, follow these steps:
//LINK1 EXEC PGM=IEWL,PARM='LET,NCAL,LIST,SIZE=1024K' //SYSPRINT DD SYSOUT=* //SYSUT1 DD UNIT=SYSDA,SPACE=(CYL,(10,1)) //OLDMOD DD DSN=prefix.FOCLIB.LOAD,DISP=SHR //FOCUSID DD DSN=prefix.FOCCTL.DATA(FOCACF21),DISP=SHR //MAINTAIN DD DSN=prefix.FOCCTL.DATA,DISP=SHR //*ACFMOD DD DSN=***.***,DISP=SHR //SYSLMOD DD DSN=prefix.TEST.FOCLIB.LOAD,DISP=SHR //SYSLIN DD * MODE AMODE(31),RMODE(ANY) INCLUDE FOCUSID <---- ACF2 CODE INCLUDE MAINTAIN(ACFINT1) <---- MODE-SWITCHING CODE ENTRY ACFINT1 <---- CNTL STATEMENT NAME FOCUSID(R) <---- NEW MODULE INCLUDE MAINTAIN(ACFINT0,ACFID) <---- ACF INTERFACE INCLUDE OLDMOD(FOCUS) <---- MODULE TO BE CHANGED INCLUDE MAINTAIN(FOCUS) <---- LINK1 CNTL STATEMENTS NAME FOCUS(R) <---- NEW MODULE INCLUDE MAINTAIN(ACFINT0,ACFID) <---- ACF INTERFACE INCLUDE OLDMOD(CORFOC) <---- MODULE TO BE CHANGED INCLUDE MAINTAIN(CORFOC) <---- LINK1 CNTL STATEMENTS SETOPT PARM(REUS=RENT) <---- Corfoc is reentrant NAME CORFOC(R) <---- NEW MODUL /*
INCLUDE ACFMOD($ACFGCVT)
LIDFOCID DS CL8 FOCUSID
@CFDE FOCUSID,LIDFOCID,CHAR, X ALTER=ACCOUNT,LIST=ALL,FLAGS=NULL,PRTN=9, X RRTN=1,GROUP=4
Information Builders |