I am looking at using the VERIFY option for a sensitive transaction. Under what circumstances can you specify the VERIFY option in resource rules?

Document ID : KB000025887
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

I am looking at using the VERIFY option for a sensitive transaction. Under what circumstances can you specify the VERIFY option in resource rules?

 

Description:

The VERIFY option of RESOURCE rules is used to force the user to re-enter their password before they can access the resource. This option can be used with sensitive transactions which require a second authorization before access is permitted. It is up to the application or subsystem that is requesting the resource validation to issue the additional prompt to verify the password. The CA-ACF2 CICS interface and CA-ACF2 IMS interface support this option and will issue the additional password prompt, requiring the user to RE-ENTER their password as a second authorization before CA-ACF2 will grant the access.

 

Solution:

The following is an example using the VERIFY option for the PAYT CICS transaction: The type code for this resource is CKC.

ACF
SET RESOURCE(CKC)
COMPILE *
$KEY(PAYT) TYPE(CKC)
UID(some user) ALLOW VERIFY
 
STORE

In the above example, the user will be forced to re-enter their password before they are allowed to access the PAYT transaction.

The CA-ACF2 Administrator Guide, the chapter on Maintaining Resource Rules, contains more information related to the VERIFY option in resource rules.