How does the standalone '-' masking character on a resource rule entry work?
The standalone '-' masking character on an extended resource rule entry matches any number of additional qualifiers, including none, that follow the high-level qualifier specified in the $KEY.
For example, given the following rule:
$KEY(TEST) TYPE(SAF)
- UID(abcdef) ALLOW
When a logonid with UID(abcdef) accesses any of the following resource names, the name matches the extended resource rule entry '- UID(abcdef) ALLOW' and access is allowed:
TEST
TEST.qual2
TEST.qual2.qual3
TEST.qual2.qual3.qual4
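
A small model of this matching is useful when reviewing how much a standalone '-' entry actually grants. This is an added example, not vendor code: the function names are hypothetical, it models only the behaviour stated on this page, and UID comparison is simplified to equality. That a name such as TESTING.qual2 does not match $KEY(TEST) is an assumption of the model.

```python
import re

# Constructed input: the rule text exactly as shown on this page.
RULE_TEXT = """$KEY(TEST) TYPE(SAF)
- UID(abcdef) ALLOW"""

def parse_rule(text):
    """Return (key, entries); each entry is (mask, uid, action)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = re.match(r"\$KEY\(([^)]+)\)", lines[0])
    if not header:
        raise ValueError("rule must start with $KEY(...)")
    entries = []
    for ln in lines[1:]:
        m = re.match(r"(\S+)\s+UID\(([^)]*)\)\s+(\S+)$", ln)
        if not m:
            raise ValueError(f"unrecognised entry: {ln!r}")
        entries.append(m.groups())
    return header.group(1), entries

def dash_entry_matches(key, mask, resource):
    """Standalone '-': the $KEY followed by zero or more further qualifiers."""
    if mask != "-":
        return False  # other masks are outside what this page describes
    quals = resource.split(".")
    # Assumption: the first qualifier must equal the key exactly.
    return quals[0] == key and all(quals)  # all(): reject empty qualifiers

def decide(text, resource, uid):
    """Return the action of the first matching entry, or None if none match."""
    key, entries = parse_rule(text)
    for mask, entry_uid, action in entries:
        # Simplification: UID compared for equality; UID masking is not modelled.
        if uid == entry_uid and dash_entry_matches(key, mask, resource):
            return action
    return None

def covered(text, resources, uid):
    """Review helper: which of the given resource names does the rule allow?"""
    return [r for r in resources if decide(text, r, uid) == "ALLOW"]

if __name__ == "__main__":
    names = ["TEST", "TEST.qual2", "TEST.qual2.qual3", "TESTING.qual2"]
    for name in names:
        print(name, decide(RULE_TEXT, name, "abcdef"))
```

Because the entry covers every name under the key at any depth, a review of such a rule should confirm that each resource under TEST is meant to be reachable by that UID.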