Querying the Rules Database.

Document ID : KB000010081
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

VM:Secure provides three commands to query the rules structure you have built: CAN, QRULES, and RULEMAP. 

Environment:
VM:Secure is configured with Rules.
Instructions:

CA VM:Secure provides three commands to query the rules structure you have built: CAN, QRULES, and RULEMAP. Use these commands while you construct your rules database and periodically thereafter to verify that users have appropriate permission to access resources.

The CAN and QRULES commands are provided to respond to the question, "Can USERx access resource Y?" CAN is designed for programmatic use; it displays a return code indicating whether the user can access the resource. QRULES responds to this query by displaying the rule governing the access request.

 

The RULEMAP command lists rules that apply to a named user or security group. Use RULEMAP to answer the question, "Which rules specifically reference USERx?"

Additional Information:

These commands are documented in the VM:Secure Command Reference which you can access at: 

  https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/reference/command-reference