eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
HFSSEC Control Option

+12—The address of a single byte which, when set to ‘Y’ by the exit, indicates that user ownership of files is in effect.

+16—The address of a 256-byte translation table, which is used to translate certain special characters in a path name.

When the exit returns a user directory path location, CA SAF HFS processing uses that path name to determine if the path name to be validated should be translated to a form such that the user ID of the owner of the path becomes the high-level qualifier of the path name. This will allow HFS file rules to be written at the user level. The default is that no translation takes place for user directories.

An example: if the exit returns the value /u/ as the user directory path name location, and the file accessed is /u/user01/xfile, then the resource name validated is $$USER01.XFILE. A rule to allow access to this file could be:

TSS PER(USER01) HFSSEC($$%) ACCESS(UPDATE)

When the exit returns the character ‘Y’ indicating that user ownership of files within one’s own directory is in effect, no validation is performed when the current user’s logonid matches that in the user directory. In the above example, validation would be bypassed when USER01 accesses file /u/user01/xfile. This option is meaningless if a user directory path location is not also returned.

The supplied translate table is in a format acceptable as input to the assembler TR instruction. The default translate table will translate all slash characters in a path name, with the exception of the leading slash, to a period character. Other special characters are translated into the dollar sign ($). These include characters that are used as masking characters in resource rules. If not translated, these characters could create undesired results. The special characters include the period, asterisk, dash, plus, blank, and quote. An exit point is provided which can further modify any character in the table to meet special needs, with the exception of the slash character which will always be translated to a period delimiter.

For a path name translation function, the exit is passed the following parameter addresses:

+0—The address of a single byte containing the character ‘P’ indicating that this is a path name translation function.

+4—The address of a 512-byte work area for the use of the exit program.

+8—The address of a 255-byte field containing the resource name as modified by CA SAF HFS processing. This is the name that is used for validation. The exit can return a modified path name in this same field.

+12—The address of a 1023-byte field containing the original unmodified path name.

Controlling Access to the Hierarchical File System 2–13
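A Python model of the default translate table, the exit's table customization, and the user directory translation described above, useful for predicting which resource name a rule must match. This is an added example, not CA's code, and every function name is hypothetical. Assumptions: cp037 as the EBCDIC code page, "quote" read as the apostrophe, the leading slash left unchanged, case-insensitive logonid matching, and the upper-casing and $$ prefix inferred from the page's single /u/user01/xfile example.

```python
# Added illustration; names and the assumptions noted below are not from the product.
CODEC = "cp037"        # assumption: an EBCDIC code page; the page names none
SPECIALS = ".*-+ '"    # period, asterisk, dash, plus, blank, quote (assumed: apostrophe)

def _b(ch: str) -> int:
    """EBCDIC byte value of a single character."""
    return ch.encode(CODEC)[0]

def default_table() -> bytes:
    """256-byte table in TR layout: entry i replaces input byte value i."""
    table = bytearray(range(256))            # unlisted bytes pass through unchanged
    for ch in SPECIALS:
        table[_b(ch)] = _b("$")              # masking characters become '$'
    table[_b("/")] = _b(".")                 # slash becomes the period delimiter
    return bytes(table)

def exit_customize(table: bytes, overrides: dict) -> bytes:
    """Model of the exit changing table entries; slash is forced back to period."""
    new = bytearray(table)
    for src, dst in overrides.items():
        new[_b(src)] = _b(dst)
    new[_b("/")] = _b(".")                   # per the page, slash always maps to period
    return bytes(new)

def translate(path: str, table: bytes) -> str:
    """Translate everything after the leading slash (assumption: it is kept as-is)."""
    lead, rest = (path[:1], path[1:]) if path.startswith("/") else ("", path)
    return lead + rest.encode(CODEC).translate(table).decode(CODEC)

def user_resource(path: str, user_dir: str, table: bytes):
    """User-directory form, inferred from the page's one example: strip user_dir,
    translate the remainder, upper-case it, prefix '$$'. None if not under user_dir."""
    if not user_dir or not path.startswith(user_dir):
        return None
    return "$$" + translate(path[len(user_dir):], table).upper()

def bypassed(path: str, user_dir: str, logonid: str, ownership: str) -> bool:
    """True when ownership is 'Y' and the directory under user_dir is the caller's."""
    if ownership != "Y" or not user_dir or not path.startswith(user_dir):
        return False                         # flag is meaningless without a user_dir
    owner = path[len(user_dir):].split("/", 1)[0]
    return owner.upper() == logonid.upper()  # assumption: case-insensitive match

if __name__ == "__main__":
    t = default_table()
    print(translate("/tmp/my file-1.txt", t))           # constructed sample path
    print(user_resource("/u/user01/xfile", "/u/", t))   # the page's example path
```

Because a period in a file name becomes a dollar sign while a slash becomes a period, two different paths can collapse to the same resource name, which is worth checking before writing masked rules.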