How to use the &LID logonid symbolic in an ACF2 rule for a USS home directory.

book

Article ID: 131381

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction



How to use the &LID logonid symbolic in an ACF2 rule for a USS home directory. When using automount for user filesystems and a site may want to protect those directories for each logonid. When using /u/&SYSUID as home directory for each user, is there a way a site can create a rule for granting access to each ID using the logonid symbolic without needing to code rules for each logonid?

Environment

Release:
Component: ACF2MS

Resolution

The "&LID" rule qualifier can be used in dataset access and resource rules to represent the 
logonid of the user requesting access. 

Details can be found in the following two sections of the ACF2 documentation: 

Section "&LID Qualifiers" 

&LID can be used as one or more of the qualifiers. &LID represents the logonid of the user who is requesting the access. &LID cannot be used with any other characters in a single qualifier, it must be used alone as the entire qualifier. To learn more about using &LID see Using &LID in Data Set Rules. 

Section "Using &LID in Data Set Rules" 

&LID is a symbolic replacement for one or more qualifiers in a data set rule line. &LID cannot be used in as the $KEY value. &LID represents the logonid of the user who is requesting the access. 

The following is a sample rule: 

$KEY(/U) TYPE(HFS)
&LID UID(*) READ(A) WRITE(A) ALLOC(A) EXEC(A) 
PGMXYZ.USERS.&LID UID(*) READ(A) WRITE(A) ALLOC(A) EXEC(A) 

Logonid USER25 has access to the following USS path/file: 

/u/USER25 
/u/PGMXYZ/USERS/USER25 

Logonid USER005 has access to the following USS path/file: 

/u/USER005 
/u/PGMXYZ/USERS/USER005