The ACF Command

Basic operation of the ACF command and its subcommands.
acf2src
The ACF command setting provides subcommands to process CA ACF2 records and access rules. The ACF command setting determines what type of CA ACF2 record you can process. You can issue the ACF command from the TSO ready prompt, ISPF panels, ACFBATCH utility, and the operator console.
To issue the ACF command from the TSO ready prompt, you must have the TSO OPERATOR privilege and SAF OPERCMDS class authorization set on your logonid record. The TSO OPERATOR privilege lets you issue ACF commands from the TSO ready prompt. The SAF OPERCMDS validates a user's authority to issue operator commands.
Follow these steps:
  • Set the TSO OPERATOR privilege on a logonid:
    ACF acf SET LID lid INSERT
    user01
    TSO(
    operator opercmds
    )
  • Verify that the change was applied:
    ACF acf LIST USER01 USER01 ...
    TSO OPERATOR
    ...
    The OPERATOR privilege appears under the TSO section of USER01's logonid record.
  • Enable SAF OPERCMDS validation. The default resource type for OPERCMDS is SAF.
    INSERT CLASMAP.
    opercmd
    RESOURCE(
    opercmd
    )
    To establish the ACF command from the TSO READY prompt:
    READY
    ACF
    acf
  • Establish the ACF command setting by entering a SET subcommand. For example, to process logonids:
    ACF acf SET LID
  • Specify the setting and a three-character type code. For some settings, you must be specific about the type of CA ACF2 record or rule set you want to process.
    ACF acf SET ENTRY(
    SRC
    )
The ACF command has the following settings:
  • ACF
    Indicates a combination of LID and RULE settings. ACF is the default when you issue the ACF command.
    ACF Subcommands
    : INSERT, CHANGE, LIST, DELETE, COMPILE, TEST, STORE, DECOMP
  • CONTROL
    Indicates the setting for the system control records. System control records include cache, command propagation facility, and global system option records.
    ACF Subcommands
    : INSERT, CHANGE, LIST, DELETE.
  • ENTRY
    Indicates the sources or groups of sources from which users can access the system.
    ACF Subcommands
    : INSERT, CHANGE, LIST, DELETE
  • FIELD
    Indicates EXPRESSN records and RECORD definitions for record-level protection. The EXPRESSN records and RECORD definition are used to specify the environment that CA ACF2 validates access to records or screen fields.
    ACF Subcommands:
    COMPILE, DECOMP, DELETE, LIST, RECKEY
  • IDENTITY
    Indicates extended user authentication. Identity records store the authentication information for each user on the Infostorage database.
    ACF Subcommands:
    INSERT, CHANGE, LIST, DELETE
  • LID
    Indicates logonid records. The logonid record identifies each user on a CA ACF2 system.
    ACF Subcommands:
    INSERT, CHANGE, LIST, DELETE, SYNCH
  • PROFILE
    Indicates user profile records. Profile records define users to the system and control how data and resources are shared.
    ACF Subcommands:
    INSERT, CHANGE, LIST, DELETE, COMPILE, DECOMP, RECKEY
  • RESOURCE
    Indicates resource rules. Resource rules provide protection for system resources such as:
    • CICS transactions, files, and programs.
    • IMS transactions and commands.
    • SAF-protected programs and console commands.
    ACF Subcommands:
    COMPILE, TEST, STORE, DECOMP, DELETE, LIST, RECKEY
  • RULE
    Indicates data set access rule sets. Access rules describe the environment for accessing data sets and determine whether access is permitted for a user or group of users.
    ACF Subcommands:
    COMPILE, TEST, STORE, DECOMP, DELETE, LIST, RECKEY
  • SCOPE
    Indicates scope records. Scope records limit a user's administrative authority over logonids, rules, and Infostorage databases.
    ACF Subcommands:
    INSERT, CHANGEM LIST, DELETE
  • SHIFT
    Specifies access to the system, data sets, and resources are based on the time of day you specify.
    ACF Subcommands:
    INSERT, CHANGE, LIST, DELETE
  • XREF
    Indicates source group (X-SGP) and resource group (X-RGP) cross-reference records.
    • X-SGP
      Defines a group of sources. For example, to let users access a system through different terminals, define the terminals in a group and assign a source group name. Only the source group name is specified in the SOURCE field of a logonid record, instead of individual terminals.
    • X-RGP
      Cross-references a resource name and the $TYPE control statement in a resource rule for access validations.
    ACF Subcommands:
    INSERT, CHANGE, LIST, DELETE