Dispatch

CA Dispatch is secured by ACF2.

How to grant a recipient temporary period access to CA Dispatch? Currently client has to remember to delete the recipient from CA Dispatch when the access period expire. Any way to grant access with end date?

Hello Rick,

My name is Mariette Baudry and I am part of the CA Technologies Common Services team at CA Technologies in EMEA (Europe). 

I saw your question this morning:

How to grant a recipient temporary period access to CA Dispatch? Currently client has to remember to delete the recipient from CA Dispatch when the access period expire. Any way to grant access with end date?

I looked at ACF2 product and find this information at the url:

https://docops.ca.com/ca-acf2-for-z-os/16-0/en/installing-and-implementing/implement-ca-acf2/access-rule-procedures

Write Temporary Rules

You can use the FOR and UNTIL operands in a rule set to specify a time limit after which the rule is no longer effective. The FOR operand lets you create a rule that automatically expires after a number of days. For example, you could enter the previous TEST rule as:

$KEY(TEST)   -   FOR(30) R(A) W(A) A(A) E(A)

This rule, when compiled and stored by CA ACF2, automatically expires 30 days later. With no rule left allowing everyone access at that point, accesses to TEST data sets again appear on the logging reports. The security administrator does not need to go back and redefine the initial rule.

So you can indicate a time limit, in this example, this rule will automatically expire in 30 days.

Let me know if you have other questions.

I wish you an excellent day.

Mariette

Mariette BAUDRY

Sr Support Engineer CCS390 CSM SYSVIEW

Mariette,

Thanks for your response. The client already has following rule defined:

$KEY(VIEW.RPT01.SESW003) TYPE(CAR)                                          

UID(**********SPSKCL) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW                

UID(**********SPSLYW) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW                

If we specify the FOR operand, will it affect the other UID which already have access.

What we want is to grant temp access to a UID. Add the new UID to the rule if we need to grant them access and have to remember to delete UID from the rule if the access expire.

Any suggestions.

Regards,

Rick.

Hi Rick,

Thanks for your fast feedback.

I am researching how to grant temporary access to a UID and I will keep you posted

about my findings.

Wishing you an excellent day.

Sincerely, Mariette

Mariette BAUDRY

Sr Support Engineer CCS390 CSM SYSVIEW

Hi Rick,

You can check the third Rule Line:

$KEY(VIEW.RPT01.SESW003) TYPE(CAR)                                          
UID(**********SPSKCL) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW                
UID(**********SPSLYW) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW
UID(uid) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW UNTIL(dd/mm/yy) <=== This should do it?                
                
'UNtil(date)' specifies the last date on which an access can take place under this Rule. The DATE field of the GSO OPTS Record determines the date format. Once the Rule Line has expired, it will automatically be discarded by the Compiler the next time the Rule is compiled. Simples.

I hope this will help you.

I wish you an excellent day.

Mariette

Mariette BAUDRY

Sr Support Engineer CCS390 CSM SYSVIEW

Mariette,

Great!! This is what we need. Thanks very much. 

Regards,

Rick.

Hi Rick,

I am happy to have responded to your question.

I wish you an excellent weekend.

Mariette

Mariette BAUDRY

Sr Support Engineer CCS390 CSM SYSVIEW