How can the RECKEY Subcommand be used to add or delete a rule entry, $card or %card to an existing rule?
search cancel

How can the RECKEY Subcommand be used to add or delete a rule entry, $card or %card to an existing rule?

book

Article ID: 11494

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

How can the RECKEY Subcommand be used to add or delete a rule entry, $USERDATA, $PREFIX, $MEMBER, %CHANGE or %RCHANGE to an existing rule?

Environment

Release:
Component: ACF2MS

Resolution

The RECKEY subcommand assists security administrators in maintaining rule sets and compiled infostorage rule records. This subcommand allows the user to decompile, add, delete or modify a rule entry, recompile, and store the updated rule set with one command. This command can be used in any ACF mode that handles compiled records and it executes on other CPF-defined nodes The RECKEY command supports the control statements for resource and access rules (control statements that start with the dollar sign ($) or the percent symbol (%)) including the $USERDATA, $PREFIX or $MEMBER control statements.

NOTE:  If the rule does not exist, RECKEY will insert the new rule.

The following examples demonstrate how to add a rule entry, and $USERDATA, $PREFIX and $MEMBER control statements to an ACCESS and a RESOURCE rule.

Sample RECKEY command to add a rule entry for TEST.QUAL3 to ACCESS rule TEST:

set rule
DECOMP TEST                                                            
ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
ACF75051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED        

RECKEY TEST ADD( QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A))  
ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
ACF70010 ACF COMPILER ENTERED                                      
******** ACCESS RULE TEST STORED BY USER02 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
 QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A)                  
ACF70051 TOTAL RECORD LENGTH= 158 BYTES, 3 PERCENT UTILIZED        
ACF60207 RULE TEST REPLACED
           

Sample RECKEY command to add $card to ACCESS Rule 

SET RULE
decomp *                                                          
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:54    
$KEY(TEST)                                                        
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                         
ACF75051 TOTAL RECORD LENGTH= 102 BYTES, 2 PERCENT UTILIZED       

reckey test add($userdata(my comment))                         
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57  
ACF70010 ACF COMPILER ENTERED                                 
******** ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57 
$KEY(TEST)                                                     
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                      
ACF70051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED    
ACF60207 RULE TEST REPLACED

Sample RECKEY command to add %card to ACCESS Rule 

SET RULE
decomp *                                                          
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:54    
$KEY(TEST)                                                        
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                         
ACF75051 TOTAL RECORD LENGTH= 102 BYTES, 2 PERCENT UTILIZED       

reckey test add(%RCHANGE D**DGH***USER001)                         
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57  
ACF70010 ACF COMPILER ENTERED                                 
******** ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57 
$KEY(TEST)                                                     
$USERDATA(MY COMMENT)
%RCHANGE D**DGH***USER001                                          
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                      
ACF70051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED    
ACF60207 RULE TEST REPLACED

Sample RECKEY command to add a rule entry for TEST.QUAL3.- to resource rule TESTRSC:

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED

reckey testrsc add( qual3.- uid(user3) allow)
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59 
$KEY(TESTRSC) TYPE(TST)                                        
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) ALLOW                                          
 QUAL3.- UID(USER3) ALLOW                                      
ACF70051 TOTAL RECORD LENGTH= 254 BYTES, 6 PERCENT UTILIZED    
ACF60207 RULE R TST TESTRSC REPLACED      
                     

Sample RECKEY command to add $card to RESOURCE rule  

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED           
reckey  add($PREFIX(TEST***))                             
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59    
ACF70010 ACF COMPILER ENTERED                                        
******** RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$PREFIX(TEST***)                                               
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF70051 TOTAL RECORD LENGTH= 218 BYTES, 5 PERCENT UTILIZED           
ACF60207 RULE R TST TESTRSC REPLACED

Sample RECKEY command to add %card to RESOURCE rule  

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED           
reckey  add(%RCHANGE D**DGH***USER002)                             
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59    
ACF70010 ACF COMPILER ENTERED                                        
******** RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$PREFIX(TEST***)                                               
$USERDATA(MY COMMENT)
%RCHANGE D**DGH***USER002                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF70051 TOTAL RECORD LENGTH= 218 BYTES, 5 PERCENT UTILIZED           
ACF60207 RULE R TST TESTRSC REPLACED

Sample RECKEY command to insert an ACCESS Rule 

RULE
reckey test add( qual1.- uid(user1) read(a)) 
ACF70010 ACF COMPILER ENTERED                                                
$KEY(TEST)                                                                   
 QUAL1.- UID(USER1) READ(A)                                                  
ACF70050 IN ONE OR MORE RULES, THE EXECUTE ACCESS WAS SET TO THE READ ACCESS 
ACF70051 TOTAL RECORD LENGTH= 110 BYTES, 2 PERCENT UTILIZED                  
ACF60207 RULE TEST INSERTED 
                                                 

Sample RECKEY command to insert a RESOURCE Rule

set resource(tst)                                                 
RESOURCE                                                         
reckey test add( qual2.- uid(user1) allow)                        
ACF67030 INVALID OPERAND - ADD                                   
RESOURCE                                                         
ACF70010 ACF COMPILER ENTERED                                    
$KEY(TEST) TYPE(TST)                                             
 QUAL2.- UID(USER1) ALLOW                                        
ACF70051 TOTAL RECORD LENGTH= 214 BYTES, 5 PERCENT UTILIZED      
ACF60207 RULE R TST TEST INSERTED

Sample Reckey command to delete rule entry QUAL2.- UID(*) allow

SET RESOURCE(TST)
RECKEY TEST DEL(QUAL2.- UID(*) ALLOW)
ACF75052 RESOURCE RULE TEST STORED BY TEST002 ON 04/01/16-11:02   
$KEY(TEST) TYPE(TST)
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED

ACF60207 RULE R TST TEST REPLACED

 



 



 



 

Additional Information

See ACF2 Documentation section 'Process Access Rules Using the ACF Command and ISPF Panels' sub-sections 'RECKEY Subcommand' for details.

See ACF2 Documentation section 'Process Resource Rules Using the ACF Command and ISPF Panel' sub-sections 'RECKEY Subcommand' for details.