The ACCESS subcommand lists each rule line that matches a given input resource and the Logonids that match the UID mask, ROLE, or USER on the rule line. The ACCESS subcommand simulates validation for users that match the UID mask, ROLE, or USER on each matching rule line. If a Logonid matches a given rule line, the Logonid is not listed for subsequent rule lines that the Logonid also matches. The exceptions to this rule are as follows:
- Rule lines that contain environment variables such as, PROGRAM, SHIFT, RECCHECK, and so on. When these parameters are found on rule lines and a user has not matched a previous rule line that does not contain environment variables, the ACCESS subcommand's output lists the user after the matching rule lines, until a matching rule line is encountered that does not contain environment variables. This rule line is the last rule line that the user is listed under.
- Rule lines with the ROLE() keyword lists Logonids under the ROLE each time the ROLE is encountered in a rule line.
Issue the following command after a logonid is added or a UID string changes:
The following commands should be issued in the given order after any X(ROL) records are inserted, changed or deleted:
F ACF2,NEWXREF,TYPE(ROL) F ACF2,NEWUID
ACCESS DSNAME('DSNAME') RESOURCE('RESOURCE') TYPE('TYPE') CLASS('CLASS') SYSID('SYSID')
Specifies the name of a data set. Masking is not allowed. The data set name can be with or without quotes. If quotes are not used, the prefix of the command issuer is used as the high-level qualifier of the data set. A data set name can have from 1 to 22 levels of qualifiers. Each level must begin with an alphabetic character or the following characters:
- At symbol (@)
- Dollar sign ($)
- Pound sign (#)
You can specify up to eight-characters per level. The entire data set name, including periods, can contain up to 44 characters.
Specifies the name of a generalized resource or DB2 resource. It follows the rules for resource names as described in Resource Rules.
Specifies the one- to three-character resource type of the given resource.
Specifies the one character class of the given resource. The supported classes for the ACCESS subcommand are R for generalized resources and D for DB2 resources. The default is R.
Note: Class and Sysid are required when specifying a DB2 resource.
Specifies the one- to four-character DB2 subsystem ID.
Note: Setting the ACCESS field of the OPTS record, a refresh of the OPTS record, and the F ACF2,NEWUID operator command to build the LID/UID cross-reference table are required to activate the ACCESS subcommand dynamically while CA ACF2 is active. CA ACF2 normally builds the LID/UID cross-reference table at CA ACF2 initialization, if the GSO OPTS ACCESS field is on.
Class and Sysid are required when specifying a DB2 resource.
Access Subcommand Syntax
access dsname('sys1.parmlib') ACCESS Subcommand Results as of 09/12/14-13:14 for: SYS1.PARMLIB Key: SYS1 Ruleline: - VOL(ACF***) UID(*****QAT) READ(A) WRITE(A) EXEC(A) Lids: BNDOLVZ BVSDEVZ CVCTHVZ HVGWBVZ HVSSYEQ JVNKBLK ODOPBEQ PVBSTOT RVDERVZ TBNMIHE Ruleline: - VOL(ACF***) UID(*****SSD) READ(A) WRITE(A) EXEC(A) Lids: BBYJOOT CHBTEQS CDNKEOT GRBLYCG GGJSBOT HFRDE10 HFNBDCG HUVVBQS KBLDBCG KVUGECG KVODBCG LVEGBCG LVWJBCG NBYHOCG PVTJB04 PVEKEOT PVIJB05 RVPTHOT SVKTHCG VSDDBH Ruleline: - VOL(ACF***) UID(*****TSS) READ(A) WRITE(A) EXEC(A) Lids: BLBMIOT CVBPEOT DVCROCG DVCTIB1 DVCTICG DVMFROT FVKLIOT KIVTHCG KVEMBCG LOVJBOT MIVSTOT PFVDBB2 PVLDBOT ROVMIOT STVROOT SVCKECG TVIKLOT TVSFBD TVSFBD1 TSVFBD2 TSVISOS TSVKMS TVSMROB TVSMROB TSVPDC TSVPDC1 TSVSFM TSVTWC TSVXFER Ruleline: - VOL(IDI***) UID(GOES*V********ELZGECG) READ(A) WRITE(A) EXEC(A) Lids: ELZGECG Ruleline: - VOL(IDI***) UID(GOES*V********LVTDICG) READ(A) WRITE(A) EXEC(A) Lids: LVTDICG Ruleline: - VOL(MSMT**) UID(GOES*V********BVISTCG) READ(A) WRITE(A) ALLOC(A) EXEC(A) Lids: BVISTCG Ruleline: - VOL(MSMT**) UID(GOES*V********BROLEQS) READ(A) WRITE(A) ALLOC(A) EXEC(A) Lids: No logonids found Ruleline: - VOL(MVCA61) UID(GOES*V********PVRJB11) READ(A) WRITE(A) ALLOC(A) EXEC(A) Lids: PVRJB11 Sample ACCESS command for a resource: access resource('CSVDYLPA.ADD.IFG0192A') type(fac) class(r) ACCESS Subcommand Results as of 09/12/14-13:21 for: CSVDYLPA.ADD.IFG0192A Key: RFACCSVDYLPA Ruleline: ADD.IFG0192A UID(SH*99*) SERVICE(READ) ALLOW Lids: No logonids found Ruleline: ADD.- UID(**********GFCFRTR) ALLOW Lids: GFCFRTR RESOURCE