Querying the Rules Database
search cancel

Querying the Rules Database

book

Article ID: 10081

calendar_today

Updated On:

Products

VM:Secure for z/VM

Issue/Introduction

VM:Secure provides three commands to query the rules structure you have built: CAN, QRULES, and RULEMAP. 



Environment

VM:Secure is configured with Rules.

Resolution

VM:Secure provides three commands to query the rules structure you have in place:

CAN, QRULES, and RULEMAP.   Use these commands while you construct your rules database and periodically thereafter to verify that users have appropriate permission to access resources.

The CAN and QRULES commands are provided to respond to the question, "Can USERx access resource Y?" CAN is designed for programmatic use; it displays a return code indicating whether the user can access the resource. QRULES responds to this query by displaying the rule governing the access request.

The RULEMAP command lists rules that apply to a named user or security group. Use RULEMAP to answer the question, "Which rules specifically reference USERx?"   

 

You will find these commands documented in the VM:Secure Reference guide on Broadcom's Tech Docs Platform found at:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-vm-secure-for-z-vm-with-security/3-2/reference.html