The answer in ACF2 used to depend almost wholly on whatever UID string an individual installation was using, and it wouldn't be an ACF2 command but a line (or two lines, I guess) in a rule dataset. That is, in ACF2 you write the rules into an EBCDIC dataset, and then "compile" the dataset into the ACF2 database. So your REXX would have to add two lines to an existing dataset, which could be more complicated that simply issuing commands. Let's use ABC.DEFG as the DSN, and USERA as the LID (which is what ACF2 calls the userID). The lead line of the dataset usually specifies the HLQ like this:
$KEY(ABC) The rest of the lines define access for all the datasets under that HLQ. You'd add two lines that might look like this: DEFG UID(****************USERA) R(A) E(A) U(A) A(A) DEFG UID() The first line indicates that it applies to USERA regardless of its UID string (so even if he moves to another department someday this rule will still apply to him), and he has all access, that is, Read, Execute, Update and Allocate. (In RACF each level of access implies the lower accesses too, but in ACF2 you can give someone Update access without allowing Read access, for instance.) The second line specifies no access for everyone else. The placement of these lines might be tricky. Most installations user the $SORT option, so as part of the compile process ACF2 sorts the rules in a way that mostly makes sense, putting the more specific rules before the more general ones (as here). But if an installation uses $NOSORT, or if $NOSORT is needed in a particular rule set because of special circumstances, then each rule line is evaluated in the order it's placed in the dataset, and you'd need your program to put the lines in the right place. Be advised that my ACF2 is about ten years old; maybe that second line has to be "DEFG UID(-)", with a hyphen. I think they both mean the same. --- I said that used to be the answer, because ACF2 depended mostly on UID strings. But ten or fifteen years ago, I think it was, the publishers responded to customer requests and added the concept of user groups, and a lot of installations dropped the UID string entirely and started allocating access that way. I've used that, but it's been a while; someone else should advise you. Or I can look it up, if you get desperate. It's still a matter of adding lines to a dataset, though. --- Bob Bridges, [email protected], cell 336 382-7313 /* People are always asking couples whose marriages have endured at least a quarter of a century for their secret for success. Actually, it is no secret at all. I am a forgiving woman. Long ago, I forgave my husband for not being Paul Newman. -Erma Bombeck */ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Lionel B. Dyck Sent: Friday, November 4, 2022 12:59 I have this code to secure a dataset so only the user has access to it: "Addsd '"netrc_dsn"' UACC(none)" "Permit '"netrc_dsn"' Access(alter) ID("sysvar('sysuid')")" Can anyone help me with equivalent command(s) for ACF2 and TSS? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
