ACF2

  • 1.  ACF2 r16 SURRGATE TYPE(PSWD)

    Posted Apr 11, 2018 11:46 AM

    What CLASS does this TYPE(PSWD) represent? How do I activate this resource class? When I do a SET R(PSWD), I get ACF60022 INVALID OR MISSING TYPE, ACF MODE SET. The TYPE being 4 characters long makes it more confusing. There isn't much detail about this TYPE / CLASS in the ACF2 documentation, except under section SURROGAT, page 777 in the ACF2 r16 Admin Guide.

     

    Further, can I use the same to PREVENT a person from accessing a logon ID? For example, the application team has a shared ID, and the entire group knows the password. If SURROGAT TYPE(PSWD) is activated, can I write a rule to prevent a person from using the ID?

     

    $KEY(sharedid) TYPE(PSWD)

     SUBMIT.- UID(applicationteamperson1) ALLOW

     -.- UID(applicationteamperson2) PREVENT

     

    From ACF2 r16 Administrating Guide page 776

    SURROGAT
    Surrogate processing provides the ability for a user to submit a job that runs under another person's
    logonid without the submitter knowing the execution logonid's password. The SURROGAT class also
    allows an address space (like a CICS region) to use a logonid without knowing the password.
    Resource rules control the ability to do this. The resource created by the SAF call is the userid being
    surrogated, followed by the environment being used. An example for JES would be:
    $KEY(BETA) TYPE(PSWD)
    SUBMIT UID(uid_for_ALPHA) ALLOW



  • 2.  Re: ACF2 r16 SURRGATE TYPE(PSWD)
    Best Answer

    Broadcom Employee
    Posted Apr 11, 2018 12:54 PM

    Prem,

     

    The documentation is incorrect. The following three sample rules are incorrect:

    $KEY(BETA) TYPE(PSWD) 
    SUBMIT UID(uid_for_ALPHA) ALLOW

     

    $KEY(********) TYPE(PSWD) 
    DFH- UID(uid_for_CICS_region) ALLOW

     

    $KEY(userid.nopswd) TYPE(PSWD) 
    UID(uid_for_CICS_region) ALLOW 
    UID(uid_for_CICS_region) ALLOW

     

    They should be TYPE(SUR) as follows:

    $KEY(BETA) TYPE(SUR) 
    SUBMIT UID(uid_for_ALPHA) ALLOW

     

    $KEY(********) TYPE(SUR) 
    DFH- UID(uid_for_CICS_region) ALLOW

     

    $KEY(userid.nopswd) TYPE(SUR) 
    UID(uid_for_CICS_region) ALLOW 
    UID(uid_for_CICS_region) ALLOW

     

    I will put in a documentation update to correct this. Please let us know if you have questions. Thanks.

     

    regards,

    ACF2 Support