Why does the ACFNRULE utility delete multiple rule entries?

book

Article ID: 14489

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



Why does the ACFNRULE utility delete multiple rule entries?

 

Environment

Release:
Component: ACF2MS

Resolution

The ACFNRULE DELETE parameter specifies that any line containing the exact string as displayed by the decompiler is deleted from the rule set processed. Lines deleted are listed on the SYSPRINT file or at the terminal if ACFNRULE is executed under TSO. 

The key is that the DELETE parameter is based on a rule entry that "contains" the string rather than "matches" the string. So it the DELETE parameter is a subset of multiple rule entries more than one rule entry will be deleted.

For example, given the following rule:

$KEY(PAYROLL)
FILE.ABC UID(*****USER001) READ(A) EXEC(A)      
TEST.FILE.ABC UID(*****USER001) READ(A) EXEC(A)  

If ACFNRULE is used to delete the first rule entry "FILE.ABC UID(*****USER001) READ(A)" both rule entries will be deleted because "FILE.ABC ID(*****USER001) READ(A)" is contained in rule entry "TEST.FILE.ABC UID(*****USER001) READ(A)".

ACFNRULE KEY(PAYROLL) DEL(FILE.ABC UID(*****USER001) READ(A))

ACF75052 ACCESS   RULE PAYROLL STORED BY USER002 ON 05/22/17-13:00
ACF50010 THE FOLLOWING RULES WILL BE DELETED                      
FILE.ABC UID(*****USER001) READ(A) EXEC(A)                        
TEST.FILE.ABC UID(*****USER001) READ(A) EXEC(A)                    

The ACF RECKEY command can be used to do DELETEs of rule entries based on an exact match of the entire rule entry.

An example follows.

Sample Batch Job to Delete a Rule Entry with the RECKEY Command:

//ACFBATCH EXEC PGM=ACFBATCH                                      
//SYSPRINT DD SYSOUT=*                                            
//SYSIN    DD *                                                    
SET RULE                                                          
RECKEY TEST17 DEL(FTY9.Z.R0080099.- UID(D***************USER022) -
READ(A) WRITE(A) ALLOC(A) EXEC(A))                                
/*                                                                 

Sample Output from the above ACFBATCH job:

00017014 SET RULE                                                        
00018014 RECKEY PAYROLL DEL( FILE.ABC UID(*****USER001) READ(A) EXEC(A))
ACF75052 ACCESS RULE PAYROLL STORED BY USER002 ON 05/22/17-13:00        
ACF60202 THE FOLLOWING RULE LINE(S) WILL BE DELETED                      
FILE.ABC UID(*****USER001) READ(A) EXEC(A)                              
ACF70010 ACF COMPILER ENTERED                                            

******** ACCESS RULE PAYROLL STORED BY USER002 ON 05/22/17-13:00         

$KEY(PAYROLL)                                                            
TEST.FILE.ABC UID(*****USER001) READ(A) EXEC(A)                        
ACF70051 TOTAL RECORD LENGTH= 135 BYTES, 3 PERCENT UTILIZED              
ACF60207 RULE PAYROLL REPLACED