In this section: |
This section describes how to use the CA-ACF2 Interface that you intalled with prior releases of FOCUS.
This procedure assumes that the FOCUSID module that makes the connection between FOCUS and CA-ACF2 already exists. You may need to relink it to run it in this release.
If you install FOCUS 7.7.03 gen 778 or higher, and you had a working FOCUSID module in a prior FOCUS release (for example, 7.6.13) or a prior 7.7.03 gen, copy it from that release or gen to your newly installed test version of the hlq_7703.FOCLIB.LOAD library. If it has already been linked AMODE 31, RMODE ANY, then it will work without relinking. If the FOCUSID module was linked AMODE 24, RMODE 24, then FOCUS will abend with an 0C4. To prove that this abend is caused by the FOCUSID module, rename the FOCUSID module to FOCUSIDO and restart FOCUS. If FOCUS comes up without abending, then you must use the following JCL to relink the module AMODE 31, RMODE ANY.
//Add JOB card here //******************************************************************** //* Update the 'installed_hlq' variable to the high-level qualifier //* you used during ISETUP installation //* Update the dsn_load variable to the fully-qualified name of //* your test load library. //* Note that the dsn_load value should not be in quotes. //******************************************************************** //SETS SET SOURCE='installed_hlq.F.HOME.DATA(FOCUSIDA)' // SET LOADLIB=dsn_load //******************************************************************** //* Compile for ASSEMBLER (ASMA90) ... //******************************************************************** //ASSEMBLR EXEC PGM=ASMA90, // PARM='NODECK,OBJECT,LIST,XREF(SHORT)' //SYSIN DD DISP=SHR,DSN=&SOURCE //SYSLIB DD DISP=SHR,DSN=SYS1.MACLIB // DD DISP=SHR,DSN=SYS1.MODGEN //SYSTERM DD SYSOUT=* //SYSPUNCH DD DUMMY //SYSLIN DD DSN=&&LOADSET,DISP=(,PASS),UNIT=SYSDA, // SPACE=(CYL,(1,1)), // DCB=(RECFM=FB,LRECL=80,BLKSIZE=3200) //SYSPRINT DD SYSOUT=* //SYSOUT DD SYSOUT=* //SYSCPRT DD SYSOUT=* //SYSUT1 DD SPACE=(CYL,(1,1)),UNIT=SYSDA
Note: Because your FOCUSID module is customized at your site and, therefore is not distributed with FOCUS, you must copy it to your new test and production environments every time you install a new gen of FOCUS 7.7.03.
How to: |
Reference: |
The FOCUS/CA-ACF2 Interface is an optional FOCUS facility that integrates FOCUS security features with the CA-ACF2 file security system. It provides the following benefits to FOCUS users and security administrators:
Each logon ID exists on a CA-ACF2 LOGONID record and is paired with a FOCUS user ID that provides access to FOCUS data sources. Upon entering FOCUS, the CA-ACF2 Interface infers the FOCUS user ID from the user-supplied logon ID. This FOCUS user ID is maintained for the duration of the session, and may or may not be overridden by the user. The result of the inference is equivalent to issuing the FOCUS command:
SET USER = userid
Once installed, FOCUS users see no difference between the default version of FOCUS and the CA-ACF2 protected version until they attempt to override the FOCUS user IDs. Database administrators can use the CA-ACF2 CHANGE command to assign FOCUS user IDs to logon IDs as default or imposed FOCUS user IDs.
The LOGONID record contains a default FOCUS user ID that the user can override, which can be up to eight bytes long and is inferred for the LOGONID record of the user.
To assign a default FOCUS user ID for a logon ID, use the CHANGE command and specify a FOCUS user ID (up to eight bytes long) that does not end in a period. For example, if logon user SMITH wishes to access the data as TOM, he (or the /jadministrator) would issue the following CA-ACF2 command:
CHANGE SMITH FOCUSID(TOM)
This is functionally equivalent to issuing the FOCUS command
SET USER = TOM
or
SET PASS = TOM
issued by user ID SMITH. SMITH could override this latest access by issuing another SET USER or SET PASS command, or a Dialogue Manager -PASS command.
When the CA-ACF2 LOGONID record contains an imposed FOCUS user ID, the user cannot override it. An imposed FOCUS user ID can have up to seven bytes plus a period, for a maximum length of eight bytes.
To assign an imposed FOCUS user ID to a logon ID, use the CA-ACF2 CHANGE command and include a period (.) at the end of the FOCUS user ID. For example,
CHANGE SMITH FOCUSID(TOM.)
This assigns an imposed FOCUS user ID of TOM. for logon ID, SMITH. In this case, the user operates FOCUS with an imposed level of access to FOCUS files that he cannot change. FOCUS behaves as if user SMITH had entered
SET USER = TOM
as his first FOCUS command. However, the period at the end of the FOCUS user ID in the LOGONID record prevents the user from overriding this level of access. Any attempt to override the imposed ID results in a FOCUS diagnostic message.
It is not necessary to identify all possible FOCUS users in the CA-ACF2 LOGONID records. Users whose LOGONID records provide no FOCUS user ID operate FOCUS as if the FOCUS/CA-ACF2 Interface were not installed. If they wish to access files protected by FOCUS security features, they must identify themselves through an explicit SET USER or SET PASS command or the Dialogue Manager -PASS command.
|
Information Builders |