ACF2

  • 1.  Additional access to ACF2 user

    Posted Jun 12, 2018 01:38 AM

    Hello Gentlemen,

    I'm looking for some help on ACF2. We've used department names as the first few letters of the UID string in our setup. For example, a storage team member has a UID in the format STORAG********LID, an MVS team member has a UID in the format MVSTEM********LID, and a Network team member has a UID in the format NETWOK********LID.

     

    Now, all the rules are set up allowing access using these team identifiers (e.g. below)

    $KEY(SYS4)

    $USERDATA(XXXXXXXXXXXXXXXX)

    ACF2.- UID(STORAG ) READ(A) WRITE(A) ALLOC(A) EXEC(A)

    ACF2.- UID(NETWOK) READ(A) WRITE(L) ALLOC(L) EXEC(A)

     

    Now, the MVS team member wants to have all of the MVS access as well as the STORAG & NETWOK access.

     

    Is there a way to achieve this in ACF2? In RACF it is fairly simple, as it has the concept of groups & we can simply connect the same groups to the MVS team member.

     

    Regards,

    Rohit



  • 2.  Re: Additional access to ACF2 user
    Best Answer

    Broadcom Employee
    Posted Jun 13, 2018 08:18 AM

    Hi Rohit,

     

    Each high-level qualifier has a rule. Add a rule for the MVS person:

     

    $KEY(SYS4)

    $USERDATA(XXXXXXXXXXXXXXXX)

    ACF2.- UID(STORAG ) READ(A) WRITE(A) ALLOC(A) EXEC(A)

    ACF2.- UID(NETWOK) READ(A) WRITE(L) ALLOC(L) EXEC(A)

    ACF2.- UID(MVSTEM********LID) READ(A) WRITE(L) ALLOC(L) EXEC(A)

     

    You can also look at converting to ROLE records with ACF2, which is similar to RACF.  Could be a lot of work involved.

     

    Regards,

    Ken Suchomel

    CA ACF2 Support
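
To check what the rule set in the answer grants once the extra entry is added, here is an added example (not from the thread and not ACF2 code) that models UID-mask matching in Python. It assumes `*` matches one character, `-` matches the rest, a short mask matches as a prefix, and no matching entry means prevent; the logon IDs and UID strings are constructed.

```python
# Simplified model of ACF2 UID-mask matching (assumption, not ACF2 itself):
# '*' matches any one character, '-' matches the rest of the UID string,
# and a mask shorter than the UID string matches as a prefix.
ACCESS_TYPES = ("READ", "WRITE", "ALLOC", "EXEC")

def perms(read, write, alloc, execute):
    return dict(zip(ACCESS_TYPES, (read, write, alloc, execute)))

# Entries for data set mask ACF2.- as posted; MVSUSR1 is a constructed logon ID.
BEFORE = [("STORAG ", perms("A", "A", "A", "A")),
          ("NETWOK", perms("A", "L", "L", "A"))]
AFTER = BEFORE + [("MVSTEM********MVSUSR1", perms("A", "L", "L", "A"))]

def uid_matches(mask, uid):
    for i, m in enumerate(mask.strip()):
        if m == "-":
            return True
        if i >= len(uid) or (m != "*" and m != uid[i]):
            return False
    return True

def effective_access(uid, entries):
    """Return (matching mask, permissions); no match is modelled as prevent (P)."""
    for mask, granted in entries:
        if uid_matches(mask, uid):
            return mask.strip(), granted
    return None, perms("P", "P", "P", "P")

def differences(uid_a, uid_b, entries):
    """Access types where two UID strings end up with different permissions."""
    a, b = effective_access(uid_a, entries)[1], effective_access(uid_b, entries)[1]
    return {t: (a[t], b[t]) for t in ACCESS_TYPES if a[t] != b[t]}

# Constructed UID strings: 6-char team prefix + 8 filler characters + logon ID.
STORAGE_USER = "STORAG00000000STGUSR1"
MVS_USER = "MVSTEM00000000MVSUSR1"
MVS_COLLEAGUE = "MVSTEM00000000MVSUSR2"

if __name__ == "__main__":
    for uid in (STORAGE_USER, MVS_USER, MVS_COLLEAGUE):
        print(uid, effective_access(uid, AFTER))
    print("storage vs MVS user:", differences(STORAGE_USER, MVS_USER, AFTER))
```

In this model the added entry applies only to the one logon ID it names, and it gives that user WRITE(L) and ALLOC(L) where the STORAG entry gives WRITE(A) and ALLOC(A).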