To use the TEST command there must first be a resource rule. In this example the following rule will be used:
ACF75052 RESOURCE RULE stgadmin STORED BY ABCDE01 ON 04/17/20-13:24
igd.- uid(tfinpaynlt) service(read) allow
idc.- uid(tfinpayiso) log
ACF75051 TOTAL RECORD LENGTH= 250 BYTES, 6 PERCENT UTILIZED
The TEST subcommand takes these parameters:
* (asterisk) - Indicates that you want the last explicitly referenced rule set tested.
(no parameter) - Indicates that you want the last explicitly referenced rule set tested. The TEST subcommand operates the same whether you specify no parameters or an asterisk.
ruleid - Identifies the key of the rule set you want tested. To specify a rule set by its rule ID, you must have the authority to update the rule set, the SECURITY or AUDIT privilege level, or DECOMP authority as specified in the GSO RULEOPTS record. If the rule ID ends with a dash (-), enclose the rule ID in single quotes.
To test this rule, issue the following TEST subcommand:
When the period (.) appears, the TEST subcommand is active. Enter any of the TEST subcommand keywords to specify the particular environment wanted to be tested. Unspecified keywords inherit the default value for that keyword (if it has not yet been specified) or they inherit the value specified in the previous test and retain that value until a new value is explicitly specified for that keyword.
Test Subcommand Keywords
For example, the following keywords test whether the resource rule set STGADMIN lets the user TFINPAYNLT access the SMS storage administration resources:
. rsrcname(igd) uid(tfinpaynlt) service(read)
After entering the TEST subcommand keywords, the system displays all of the current values that describe the environment being tested. The last two lines of the display indicate whether the access is permitted, logged, or prevented:
. rsrcname(igd) uid(tfinpaynlt) service(read) role(arola)
ACF71114 THE FOLLOWING PARAMETERS ARE IN EFFECT:
DATE=04/02/04 TIME=1445 SOURCE=******** UID=TFINPAYNLT
TARGET RESOURCE: RFAC STGADMIN.IGD
VALIDATED RULE LINE FROM STGADMIN TYPE FAC
IGD.- UID(TFINPAYNLT) SERVICE(READ) ALLOW
RESULT: ACCESS WOULD BE ALLOWED
REASON: RESOURCE RULE
This example shows that the user is permitted read authority only because a resource rule exists that defines that access.
After the result displays, you can specify other keywords and values to define another environment for testing. The END subcommand terminates the TEST subcommand.