The ACF Command
Basic operation of the ACF command and its subcommands.
The ACF command setting provides subcommands to process CA ACF2 records and access rules. The ACF command setting determines what type of CA ACF2 record you can process. You can issue the ACF command from the TSO ready prompt, ISPF panels, ACFBATCH utility, and the operator console.
To issue the ACF command from the TSO ready prompt, you must have the TSO OPERATOR privilege and SAF OPERCMDS class authorization set on your logonid record. The TSO OPERATOR privilege lets you issue ACF commands from the TSO ready prompt. The SAF OPERCMDS validates a user's authority to issue operator commands.
Follow these steps:
- Set the TSO OPERATOR privilege on a logonid:ACF acf SET LID lid INSERTuser01TSO(operator opercmds)
- Verify that the change was applied:
The OPERATOR privilege appears under the TSO section of USER01's logonid record.ACF acf LIST USER01 USER01 ...TSO OPERATOR...
- Enable SAF OPERCMDS validation. The default resource type for OPERCMDS is SAF.
To establish the ACF command from the TSO READY prompt:INSERT CLASMAP.opercmdRESOURCE(opercmd)READYACFacf
- Establish the ACF command setting by entering a SET subcommand. For example, to process logonids:ACF acf SET LID
- Specify the setting and a three-character type code. For some settings, you must be specific about the type of CA ACF2 record or rule set you want to process.ACF acf SET ENTRY(SRC)
The ACF command has the following settings:
- ACFIndicates a combination of LID and RULE settings. ACF is the default when you issue the ACF command.ACF Subcommands: INSERT, CHANGE, LIST, DELETE, COMPILE, TEST, STORE, DECOMP
- CONTROLIndicates the setting for the system control records. System control records include cache, command propagation facility, and global system option records.ACF Subcommands: INSERT, CHANGE, LIST, DELETE.
- ENTRYIndicates the sources or groups of sources from which users can access the system.ACF Subcommands: INSERT, CHANGE, LIST, DELETE
- FIELDIndicates EXPRESSN records and RECORD definitions for record-level protection. The EXPRESSN records and RECORD definition are used to specify the environment that CA ACF2 validates access to records or screen fields.ACF Subcommands:COMPILE, DECOMP, DELETE, LIST, RECKEY
- IDENTITYIndicates extended user authentication. Identity records store the authentication information for each user on the Infostorage database.ACF Subcommands:INSERT, CHANGE, LIST, DELETE
- LIDIndicates logonid records. The logonid record identifies each user on a CA ACF2 system.ACF Subcommands:INSERT, CHANGE, LIST, DELETE, SYNCH
- PROFILEIndicates user profile records. Profile records define users to the system and control how data and resources are shared.ACF Subcommands:INSERT, CHANGE, LIST, DELETE, COMPILE, DECOMP, RECKEY
- RESOURCEIndicates resource rules. Resource rules provide protection for system resources such as:
ACF Subcommands:COMPILE, TEST, STORE, DECOMP, DELETE, LIST, RECKEY
- CICS transactions, files, and programs.
- IMS transactions and commands.
- SAF-protected programs and console commands.
- RULEIndicates data set access rule sets. Access rules describe the environment for accessing data sets and determine whether access is permitted for a user or group of users.ACF Subcommands:COMPILE, TEST, STORE, DECOMP, DELETE, LIST, RECKEY
- SCOPEIndicates scope records. Scope records limit a user's administrative authority over logonids, rules, and Infostorage databases.ACF Subcommands:INSERT, CHANGEM LIST, DELETE
- SHIFTSpecifies access to the system, data sets, and resources are based on the time of day you specify.ACF Subcommands:INSERT, CHANGE, LIST, DELETE
- XREFIndicates source group (X-SGP) and resource group (X-RGP) cross-reference records.
ACF Subcommands:INSERT, CHANGE, LIST, DELETE
- X-SGPDefines a group of sources. For example, to let users access a system through different terminals, define the terminals in a group and assign a source group name. Only the source group name is specified in the SOURCE field of a logonid record, instead of individual terminals.
- X-RGPCross-references a resource name and the $TYPE control statement in a resource rule for access validations.