SET Subcommand

The SET subcommand lets you establish the setting of the ACF subcommand. It also has other functions, such as modifying the operation of other subcommands. The SET subcommand has the following syntax:
SEt or T [Acf] [Control(CAc|CPf|Gso|IMS|MFPOLICY|Net|SMs||DCo|LDS|Tso)] [DIvision(appldiv)|MDiv(?|division-mask)] [Entry(SRC|SGP)] [Field(EXP|REC)] [Force|NOForce] [Identity(Aut)] [Lid] [MEmber(nnnnnnn)] [NOError] [NORule[(jobname|ALL)]] [Profile(Appclu|DAtaset|DLfclass|Group|Keysmstr|Ptktdata|Sysmview|User)] [Resource(typecode)] [Rule] [SCope(SCP)] [SHift(SFT|ZON)] [SIGNAL|NOSIGNAL] [SYSid(?|sysid)|MSYSid(sysidmask)] [TArget(null|=|?node1,...,noden)] [TErse|Verbose] [TRivia|NOTrivia] [Xref(Sgp|Rgp)]
If a SET command fails, you cannot issue database-related commands until a valid SET command has been issued.
Examples: Limit logonid record display
A logonid record consists of many fields and values that are associated with a user. You can control the amount of information that displays when listing a logonid by changing the display value to TERSE or VERBOSE. Limit the display details when listing the USER01 logonid record:
In this example, SET TERSE allows only part of the logonid record to display. This TERSE subcommand remains in effect until a change occurs or the ACF command session ends.
  • ACF
    Indicates a combination of LID and RULE settings. ACF is the default when you issue the ACF command.
  • CONTROL
    Indicates the setting for the system control records. System control records include cache, command propagation facility, and global system option records.
  • ENTRY
    Indicates the sources or groups of sources from which users can access the system.
  • FIELD
    Indicates EXPRESSN records and RECORD definitions for record-level protection. The EXPRESSN records and RECORD definitions are used to specify the environment in which CA ACF2 validates access to records or screen fields.
  • IDENTITY
    Indicates extended user authentication. Identity records store the authentication information for each user on the Infostorage database.
  • FORCE|NOFORCE
    Stores a rule set or field record regardless of whether it exists. The FORCE parameter applies to the ACF, FIELD, and RULE settings. Use this parameter if you are compiling several rules and do not want to issue the STORE command after compiling each rule. If a rule or field exists, NOFORCE prevents you from storing it. This parameter remains in effect until a change occurs or the ACF command session ends.
  • LID
    Specifies logonid records. The logonid record identifies each user on a CA ACF2
  • MEMBER
    CA ACF2-generated member names for partitioned data sets. When you decompile a rule set or field record into a partitioned data set and do not specify a member name, CA ACF2 uses $MEMBER and $KEY values to determine the member name.
    If there is no $MEMBER parameter, CA ACF2 uses the $KEY value, if possible, as the member name. If the key is masked, that key might form an invalid member name. To generate a member name, CA ACF2 takes the rightmost five digits of the MEMBER parameter value, increments the value of these digits by one, and precedes the result by an @ symbol. For example, if the value of this parameter is 00003, the generated name to replace the first invalid member name is @00004. The replacement for the second invalid member name is @00005, and so on.
    The most recently used CA ACF2-generated member name is stored. The name is incremented by one to form the next CA ACF2-generated member name unless the MEMBER parameter is respecified in the meantime. This parameter must be specified with a number from 0 to 9999999.
    The MFPOLICY control record holds policy data for IBM Multi-Factor Authentication (MFA) for Out-of-Band support. The following table includes the record ID and fields of the MFPOLICY control record. The SET command for the MFPOLICY control record is as follows:
    FACTORS(factornames) REUSE|
    Specify the following values to set policy data for IBM MFA for Out-of-Band support.
    • Policyname
      Indicates the policyname record id for the CONTROL(MFPOLICY) record. Each MFPOLICY control record is in the format of:
    • FACTORS(factornames)
      Specifies a multi-valued field that can hold up to three different 8-byte factor names. The supported factor names are AZFCERT1, AZFPASS1, AZFRADP1, AZFSIDP1.
      Determines whether the IBM MFA Out-of-Band token can be reused by an application.
    • TIMEOUT(timeoutvalue)
      Specifies a time-out value.
      Valid values: 1 through 86400 (number of seconds in a day).
      300 seconds (5 minutes).
  • NOERROR
    Resets the error indication so that the maximum return code of four is returned when you end the ACF command. Use this parameter when you issue ACF commands in batch.
  • NORULE(null|
    The NORULE parameter clears currently held, locally resident rules. Locally resident rules are resource or access rules that you have specified as locally resident using the GSO INFODIR, RESDIR, or RESRULE record. For more information about these records, see Global System Option Records. After storing rules, use NORULE to make newly stored rules effective for subsequent access validation by specifying the following values:
    • null
      Specify SET NORULE() to clear rules from your address space.
    • jobname
      Specify SET NORULE(jobname) to clear rules for a specific job.
    • ALL
      Specify SET NORULE ALL to reset the locally resident rules for all address spaces. The person issuing the command must have the SECURITY privilege. For more information about the F ACF2,SETNORUL(ALL) operator command, see Console Operator Commands.
  • PROFILE
    Indicates user profile records. Profile records define users to the system and control how data and resources are shared.
  • RESOURCE
    Indicates resource rules. Resource rules provide protection for system resources such as:
    • CICS transactions, files, and programs.
    • IMS transactions and commands.
    • SAF-protected programs and console commands.
  • RULE
    Indicates data set access rule sets. Access rules describe the environment for accessing data sets and determine whether access is permitted for a user or group of users.
  • SCOPE
    Indicates scope records. Scope records limit a user's administrative authority over logonids, rules, and Infostorage databases.
  • SHIFT
    Specifies access to the system, data sets, and resources based on the time of day that you specify.
  • SIGNAL|NOSIGNAL
    Specifies that no ENF 71 signal is emitted when NOSIGNAL is in effect. An ENF 71 signal provides notification about the change to the user's security record. Applications that receive the signal can take action.
  • SYSID(?|
    The SYSID parameter is a string of characters that groups various infostorage records for a specific system. It becomes a part of the infostorage record key. You can specify the SYSID when you process structured infostorage records, such as CONTROL(GSO) or IDENTITY(AUT). Subsequent subcommands affect the records belonging to that SYSID, unless the subcommands specify a different SYSID. To change or display multiple records with different SYSIDs, use the MSYSID parameter. The parameter lets you specify a mask of characters. For more information about SYSIDs, see Structured Infostorage Records.
  • TARGET(null|=|?|
    Identifies nodes where the ACF subcommands are processed. Valid values are:
    • null
      Specify SET TARGET() to process CPF commands on the HOME node specified in the CPF OPTIONS record.
    • = (equal sign)
      Specify SET TARGET(=) to process ACF subcommands at the home node in addition to any nodemasks defined in this parameter.
    • ? (question mark)
      Specify SET TARGET(?) to process CPF commands on the DFTCMD nodes defined in the CPF OPTIONS record.
    • node1,...,node100
      Specify the names of up to 100 nodes or masks where you want the ACF subcommands processed.
    All ACF subcommands entered after this command that update the CA ACF2 databases update the databases at the New York, Chicago, and Los Angeles nodes. This parameter remains in effect until a change occurs or the ACF command session ends.
  • TERSE|VERBOSE
    TERSE causes a shortened display of CA ACF2 records and rule sets with the LIST or DECOMP subcommands. This parameter remains in effect until a change occurs or the ACF command session ends.
    With SET TERSE, the LIST subcommand displays only the first line of the LID record.
  • TRIVIA|NOTRIVIA
    TRIVIA permits the full display of the logonid record (that is, if VERBOSE is in effect). NOTRIVIA causes CA ACF2 to display only certain fields of the logonid record when you issue the LIST subcommand. For more information about these fields, see CA ACF2 Field Definition Record Generation. This parameter remains in effect until a change occurs or the ACF command session ends.
    TRIVIA. These parameters apply to the ACF and LID settings only.
  • XREF
    Indicates source group (X-SGP) and resource group (X-RGP) cross-reference records.
    • X-SGP
      Defines a group of sources. For example, to let users access a system through different terminals, define the terminals in a group and assign a source group name. Only the source group name is specified in the SOURCE field of a logonid record, instead of individual terminals.
    • X-RGP
      Cross-references a resource name and the $TYPE control statement in a resource rule for access validations.
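
The member-name generation described for the MEMBER parameter above, modelled in Python as an added example (not CA ACF2 code or output), so that @nnnnn members in a decompiled partitioned data set can be traced back to the masked keys that produced them. The class and function names are hypothetical, the member-name validity pattern is the general z/OS rule rather than something this page states, and a supplied $MEMBER value is assumed to be valid.

```python
import re

# z/OS PDS member-name rule (not stated on the page): 1-8 characters, first
# alphabetic or national (#, @, $), the rest alphanumeric or national.
MEMBER_RE = re.compile(r"^[A-Z#@$][A-Z0-9#@$]{0,7}$")


class MemberNamer:
    """Hypothetical model of member naming under SET MEMBER(nnnnnnn)."""

    def __init__(self, member_value=0):
        if not 0 <= member_value <= 9999999:
            raise ValueError("MEMBER must be a number from 0 to 9999999")
        # Only the rightmost five digits of the MEMBER value are used.
        self.last = member_value % 100000

    def name_for(self, key, member=None):
        """Pick the member name for one decompiled rule set or field record."""
        if member:                        # $MEMBER wins (assumed to be valid)
            return member.upper()
        if MEMBER_RE.match(key.upper()):  # otherwise $KEY, if it is usable
            return key.upper()
        # Masked or over-long $KEY: increment the stored number, prefix "@".
        # What happens after @99999 is not described on the page.
        self.last += 1
        return "@%05d" % self.last


def decompile_names(rule_sets, member_value=0):
    """Map (key, member) pairs to member names, in decompile order."""
    namer = MemberNamer(member_value)
    return [(key, namer.name_for(key, member)) for key, member in rule_sets]


# Constructed sample: two ordinary keys, two masked keys, one with $MEMBER.
SAMPLE = [("PAYROLL", None), ("SYS*", None), ("TEST-", None),
          ("PROD", "PRODRULE"), ("USER01", None)]

if __name__ == "__main__":
    for key, name in decompile_names(SAMPLE, member_value=3):
        print("%-8s -> %s" % (key, name))
```

Because the generated name carries no trace of the original key, keeping the key-to-member mapping alongside the decompiled data set makes later rule reviews easier to reconcile.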