How do I use ACF2 RECKEY Subcommand MOD option to update/modify an existing rule entry?

book

Article ID: 14942

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



How do I use ACF2 RECKEY Subcommand MOD option to update/modify an existing rule entry?

Environment

Release:
Component: ACF2MS

Resolution

The RECKEY subcommand assists security administrators in maintaining rule sets and compiled infostorage rule records. This subcommand allows the user to decompile, add, delete or modify a rule entry, recompile, and store the updated rule set with one command. 

The MOD parameter will will replace a rule line or control statement with another rule line or control statement.

The syntax of the RECKEY subcommand is as follows:

RECKEY ruleid {ADD(rule-entry)|DELETE(rule-entry) |MOD(rule-entry, rule-entry)}


Sample Rule:


$KEY(PAYRNR) TYPE(CKC)   

UID(PAY*USER01*Z) ALLOW       


Sample RECKEY command to change Access to LOG:


RECKEY PAYRNR MOD(UID(PAY*USER01*Z) ALLOW,UID(PAY*USER01*Z) LOG)     


 ACF75052 RESOURCE RULE PAYRNR STORED BY USER002 ON 07/03/17-09:16
 ACF60202 THE FOLLOWING RULE LINE(S) WILL BE REPLACED             
 UID(PAY*USER01*Z) ALLOW                                          
 ACF70010 ACF COMPILER ENTERED                                    

                                                                  
 ******** RESOURCE RULE PAYRNR STORED BY USER002 ON 07/03/17-09:16
 $KEY(PAYRNR) TYPE(CKC)                                           
 UID(PAY*USER01*Z) LOG                                            
 ACF70051 TOTAL RECORD LENGTH= 166 BYTES, 4 PERCENT UTILIZED