The SET subcommand lets you establish the setting of the ACF subcommand.
The SET subcommand lets you establish the setting of the ACF subcommand. The SET subcommand has more functions such as, modifying the operation of other subcommands. The SET subcommand has the following syntax:
SEt or T [Acf] [Control(CAc|CPf|Gso|IMS|MFPOLICY|Net|SMs||DCo|LDS|Tso)] [DIvision(appldiv)|MDiv(?|divison-mask)] [Entry(SRC|SGP)] [Field(EXP|REC)] [Force|NOForce] [Identity(Aut)] [Lid] [MEmber(nnnnnnn)] [NOError] [NORule[(jobname|ALL)]] [Profile(Appclu|DAtaset|DLfclass|Group|Keysmstr|Ptktdata|Sysmview|User)] [Resource(typecode)] [Rule] [SCope(SCP)] [SHift(SFT|ZON)] [SIGNAL|NOSIGNAL] [SYSid(?|sysid)|MSYSid(sysidmask)] [TArget(null|=|?node1,...,noden)] [TErse|Verbose] [TRivia|NOTrivia] [Xref(Sgp|Rgp)]
If a SET command fails, you cannot issue database-related commands until a valid SET command has been issued.
A logonid record consists of many fields and values that are associated with a user. You can control the amount of information that displays when listing a logonid by changing the display value to TERSE or VERBOSE. Limit the display details when listing USER01 logonid record:
Examples: Limit logonid record display
SET TERSELIST USER01 USER01 USER01 COMPANY(S) DEPT(IT) PRIVILEGES ACCOUNT CICS ...
In this example, SET TERSE allows only part of the logonid record to display. This TERSE subcommand remains in effect until a change occurs or the ACF command session ends.
- ACFIndicates a combination of LID and RULE settings. ACF is the default when you issue the ACF command.
- CONTROLIndicates the setting for the system control records. System control records include cache, command propagation facility, and global system option records.
- ENTRYIndicates the sources or groups of sources from which users can access the system.
- FIELDIndicates EXPRESSN records and RECORD definitions for record-level protection. The EXPRESSN records and RECORD definition are used to specify the environment thatCA ACF2validates access to records or screen fields.
- IDENTITYIndicates extended user authentication. Identity records store the authentication information for each user on the Infostorage database.
- FORCE|NOFORCEStores a rule set or field record regardless of whether it exists. The FORCE parameter applies to the ACF, FIELD, and RULE settings. Use this parameter if you are compiling several rules and do not want to issue the STORE command after compiling each rule. If a rule or field exists, NOFORCE prevents you from storing it. This parameter remains in effect until a change occurs or the ACF command session ends.Default:FORCE
- LIDSpecifies logonid records. The logonid record identifies each user on aCA ACF2system..
- MEMBER(nnnnnnn)DeterminesCA ACF2-generated member names for partitioned data sets. When you decompile a rule set or field record into a partitioned data set and do not specify a member name,CA ACF2uses $MEMBER and $KEY values to determine the member name.If there is no $MEMBER parameter,CA ACF2uses the $KEY value, if possible, as the member name. If the key is masked, that key might form an invalid member name. To generate a member name,CA ACF2takes the rightmost five digits of the MEMBER parameter value, increments the value of these digits by one, and precedes the result by an @ symbol. For example, if the value of this parameter is 00003, the generated name to replace the first invalid member name is @00004. The replacement for the second invalid member name is @00005, and so on.The most recently usedCA ACF2-generated member name is stored. The name is incremented by one to form the nextCA ACF2-generated member name unless the MEMBER parameter is respecified in the meantime. This parameter must be specified with a number from 0 to 9999999.
- MFPOLICYThe MFPOLICY control record holds policy data for IBM Multi-Factor Authentication (MFA) for Out-of-Band support. The following table includes the record ID and fields of the MFPOLICY control record. The SET command for the MFPOLICY control record is as follows:SET CONTROL(MFPOLICY)
Specify the following values to set policy data for IBM MFA for Out-of-Band support.PolicynameFACTORS(factornames) REUSE|NOREUSETIMEOUT(timeoutvalue)
- PolicynameIndicates the policyname record id for the CONTROL(MFPOLICY) record. Each MFPOLICY control record is in the format of:Policyname.
- FACTORS(factornames)Specifies a multi-valued field that can hold up to three different 8-byte factor names. The supported factor names are AZFCERT1, AZFPASS1, AZFRADP1, AZFSIDP1.
- NOREUSE|REUSEDetermines the IBM MFA Out-of-Band token can be reused by an application.Default:NOREUSE.
- TIMEOUT(timeoutvalue)Specifies a time-out value.Valid values: 1 through 86400 (number of seconds in a day).Default:300 seconds (5 minutes).
- NOERRORResets the error indication so that the maximum return code of four is returned when you end the ACF command. Use this parameter when you issue ACF commands in batch.
- NORULE(null|jobname|ALL)The NORULE parameter clears currently held, locally resident rules. Locally resident rules are resource or access rules that you have specified as locally resident using the GSO INFODIR, RESDIR, or RESRULE record. For more information about these records, see Global System Option Records. After storing rules, use NORULE to make newly stored rules effective for subsequent access validation by specifying the following values:
- nullSpecify SET NORULE() to clear rules from your address space.
- jobnameSpecify SET NORULE(jobname) to clear rules for a specific job.
- ALLSpecify SET NORULE ALL to reset the locally resident rules for all address spaces. The person issuing the command must have the SECURITY privilege. For more information about the F ACF2,SETNORUL(ALL) operator command, see Console Operator Commands.
- PROFILEIndicates user profile records. Profile records define users to the system and control how data and resources are shared.
- RESOURCEIndicates resource rules. Resource rules provide protection for system resources such as:
- CICS transactions, files, and programs.
- IMS transactions and commands.
- SAF-protected programs and console commands.
- RULEIndicates data set access rule sets. Access rules describe the environment for accessing data sets and determine whether access is permitted for a user or group of users.
- SCOPEIndicates scope records. Scope records limit a user's administrative authority over logonids, rules, and Infostorage databases.
- SHIFTSpecifies access to the system, data sets, and resources which is based on the time of day you specify.
- SIGNAL|NOSIGNALSpecifies that no ENF 71 signal is emitted when NOSIGNAL is in effect. An ENF 71 signal provides notification about the change to the users security record. Applications that receive the signal can take action.
- SYSID(?|sysid)|MSYSID(sysidmask)The SYSID parameter is a string of characters that groups various infostorage records for a specific system. It becomes a part of the infostorage record key. You can specify the SYSID when you process structured infostorage records, such as CONTROL(GSO) or IDENTITY(AUT). Subsequent subcommands affect the records belonging to that SYSID, unless the subcommands specify a different SYSID. To change or display multiple records with different SYSIDs, use the MSYSID parameter. The parameter lets you specify a mask of characters. For more information about SYSIDs, see Structured Infostorage Records.
- TARGET(null|=|?|node1,...,node100)Identifies nodes where the ACF subcommands are processed. Valid values are:
CA ACF2databases, update the databases at the New York, Chicago, and Los Angeles nodes. This parameter remains in effect until a change occurs or the ACF command session ends.
- nullSpecify SET TARGET() to process CPF commands on the HOME node specified in the CPF OPTIONS record.
- = (equal sign)Specify SET TARGET(=) to process ACF subcommands at the home node in addition to any nodemasks defined in this parameter.
- ? (question mark)Specify SET TARGET(?) to process CPF commands on the DFTCMD nodes defined in the CPF OPTIONS record.
- node1,...,node100Specify the names of up to 100 nodes or masks where you want the ACF subcommands processed.
- TERSE|VERBOSETERSE causes a shortened display ofCA ACF2records and rule sets with the LIST or DECOMP subcommands. This parameter remains in effect until a change occurs or the ACF command session ends.With SET TERSE, the LIST subcommand displays only the first line of the LID record.Default:VERBOSE
- TRIVIA|NOTRIVIATRIVIA permits the full display of the logonid record (that is, if VERBOSE is in effect). NOTRIVIA causesCA ACF2to display only certain fields of the logonid record when you issue the LIST subcommand. For more information about these fields, seeCA ACF2Field Definition Record Generation. This parameter remains in effect until a change occurs or the ACF command session ends.Default:TRIVIA. These parameters apply to the ACF and LID settings only.
- XREFIndicates source group (X-SGP) and resource group (X-RGP) cross-reference records.
- X-SGPDefines a group of sources. For example, to let users access a system through different terminals, define the terminals in a group and assign a source group name. Only the source group name is specified in the SOURCE field of a logonid record, instead of individual terminals.
- X-RGPCross-references a resource name and the $TYPE control statement in a resource rule for access validations.