IBM File Manager v14.1 security configuration for ACF2
Article ID: 203412
Products

ACF2, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

This document outlines resource names and considerations when configuring security for IBM File Manager v14.1 on a system secured by ACF2.


Resolution

SAF controls access to File Manager functions as follows:

  1. If the profile FACILITY(FILEM.FUNCTION.fc) is defined in the FACILITY class (where fc is the function code shown in IBM Table 3, File Manager function to profile name cross-reference), that profile controls access to the function.

    With ACF2 all resources are protected by default, so Resource Class FACILITY rules are created for FILEM.FUNCTION.fc, where fc is the function code in IBM Table 3, File Manager function to profile name cross-reference. Based on that table the resources are:

    FILEM.FUNCTION.BT     FILEM.FUNCTION.DB
    FILEM.FUNCTION.DCN    FILEM.FUNCTION.DP
    FILEM.FUNCTION.DRS    FILEM.FUNCTION.DTE
    FILEM.FUNCTION.EOF    FILEM.FUNCTION.ERT
    FILEM.FUNCTION.EVC    FILEM.FUNCTION.EVL
    FILEM.FUNCTION.HT     FILEM.FUNCTION.INT
    FILEM.FUNCTION.LMU    FILEM.FUNCTION.OE
    FILEM.FUNCTION.OO     FILEM.FUNCTION.OU
    FILEM.FUNCTION.QO     FILEM.FUNCTION.SO
    FILEM.FUNCTION.TLO    FILEM.FUNCTION.QT
    FILEM.FUNCTION.ST     FILEM.FUNCTION.STP
    FILEM.FUNCTION.TB     FILEM.FUNCTION.TC
    FILEM.FUNCTION.TCN    FILEM.FUNCTION.TDL
    FILEM.FUNCTION.TH     FILEM.FUNCTION.TLB
    FILEM.FUNCTION.TLT    FILEM.FUNCTION.TMP
    FILEM.FUNCTION.TP     FILEM.FUNCTION.TQ
    FILEM.FUNCTION.TS     FILEM.FUNCTION.TSQ
    FILEM.FUNCTION.TRL    FILEM.FUNCTION.TRS
    FILEM.FUNCTION.TT     FILEM.FUNCTION.TTC
    FILEM.FUNCTION.TTR    FILEM.FUNCTION.TU
    FILEM.FUNCTION.TV     FILEM.FUNCTION.TVS
    FILEM.FUNCTION.TX     FILEM.FUNCTION.VO
    FILEM.FUNCTION.VRU    FILEM.FUNCTION.VT
    FILEM.FUNCTION.VTP    FILEM.FUNCTION.VU
    FILEM.FUNCTION.WTM    FILEM.FUNCTION.XT

    Example 1: With ACF2, to give a user access to the TP function, give the user ALTER, UPDATE, or READ access to FACILITY(FILEM.FUNCTION.TP); to give a user access to the DB function, give the user ALTER, UPDATE, or READ access to FACILITY(FILEM.FUNCTION.DB):

    ACF
    SET RESOURCE(FAC)
    RECKEY FILEM ADD( FUNCTION.TP UID(UID string for user) SERVICE(UPDATE, ADD, READ) ALLOW)
    RECKEY FILEM ADD( FUNCTION.DB UID(UID string for user) SERVICE(UPDATE, ADD, READ) ALLOW)
    F ACF2,REBUILD(FAC)

    Note: the SERVICE can be UPDATE, ADD and READ or a specific SERVICE as required.

  2. In RACF, if the profile FACILITY(FILEM.FUNCTION.fc) is not defined in the FACILITY class, the profile name shown in IBM Table 3, File Manager function to profile name cross-reference, in the form FILEM.group.name is used instead.

    With ACF2, if a site wants to code Resource Class FACILITY rules for resources in the form FILEM.group.name rather than FILEM.FUNCTION.fc, an ACF2 GSO SAFDEF for resource FILEM.FUNCTION.fc must be coded with MODE=IGNORE and RC=4, so that File Manager sees the function-level resource as undefined and falls back to the group-level name. See Example 2 for a sample SAFDEF.

    Based on the File Manager functions the resources would be:

    FILEM.DISK.INPUT        Disk input functions
    FILEM.DISK.UPDATE       Disk update functions
    FILEM.TAPE.INPUT        Tape input functions
    FILEM.TAPE.OUTPUT       Tape output functions
    FILEM.TAPE.DUPLICATE    Tape copy functions
    FILEM.TAPE.UPDATE       Tape update functions
    FILEM.VSAM.UPDATE       VSAM update functions
    FILEM.OAM.OUTPUT        OAM output functions
    FILEM.OAM.UPDATE        OAM update functions
    FILEM.LOADMOD.UPDATE    Load module update functions
    FILEM.OTHER.ALL         All other functions
    FILEM.TAPE.BLP          See Controlling Bypass Label Processing (BLP)
    FILEM.DISK.FULLPACK     See Controlling fullpack access to DASD volumes

    Example 2: With ACF2, create an ACF2 GSO SAFDEF to ignore the resource check for all File Manager function-level resources FILEM.FUNCTION.fc. Then code rules for each group-level resource; for example, to give a user access to any tape input function or disk input function, give the user ALTER, UPDATE, or READ access to FACILITY(FILEM.TAPE.INPUT) or FACILITY(FILEM.DISK.INPUT):

    ACF
    SET C(GSO)
    INSERT SAFDEF.filemt ID(filemt) FUNCRET(4) RETCODE(4) MODE(IGNORE) -
    RACROUTE(REQUEST=AUTH,CLASS=FACILITY,ENTITYX=FILEM.FUNCTION.-)
    F ACF2,REFRESH(SAFDEF)

    ACF
    SET RESOURCE(FAC)
    RECKEY FILEM ADD( TAPE.INPUT UID(UID string for user) SERVICE(UPDATE, ADD, READ) ALLOW)
    RECKEY FILEM ADD( DISK.INPUT UID(UID string for user) SERVICE(UPDATE, ADD, READ) ALLOW)
    F ACF2,REBUILD(FAC)

    Note: the SERVICE can be UPDATE, ADD and READ or a specific SERVICE as required.

  3. If the FILEM.group.name naming convention described above is used, all protected functions not listed in IBM Table 3, File Manager function to profile name cross-reference, are protected by the FILEM.OTHER.ALL profile. The File Manager functions protected by FILEM.OTHER.ALL are listed in IBM Table 2, File Manager functions protected by FILEM.OTHER.ALL.

    Example 3: With ACF2, to give a user access to the Resource Class FACILITY resource FILEM.OTHER.ALL, give the user ALTER, UPDATE, or READ access to FACILITY(FILEM.OTHER.ALL). ALTER, UPDATE or READ access means that the user can use the function.

    ACF
    SET RESOURCE(FAC)
    RECKEY FILEM ADD( OTHER.ALL UID(UID string for user) SERVICE(UPDATE, ADD, READ) ALLOW)
    F ACF2,REBUILD(FAC)

    Note: the SERVICE can be UPDATE, ADD and READ or a specific SERVICE as required.

  4. IBM File Manager issues REQUEST=AUTH,CLASS=FACILITY,STATUS=ACCESS calls which can cause S047 abends with ACF2.

    The RACROUTE STATUS=ACCESS call permits a user to interrogate security definitions (access and resource rules) to determine access levels for a user. No auditing is done for this request.

    In order to maintain system integrity, ACF2 requires that a caller be APF authorized to access security definitions. Because the IBM File Manager programs FMNMAIN and FMNMIMS are not APF authorized, ACF2 abends the task with an S047 abend.

    To accommodate this situation, ACF2 will allow the security administrator to define the specific calls for which the APF authorization check for STATUS=ACCESS will be bypassed.

    Broadcom's policy is that allowing non-APF authorized users this knowledge is a security exposure. Sites that do not want to allow this call should contact the vendor of the product and request that the STATUS=ACCESS calls be made in an APF authorized environment.

    The bypassing of the authorization check in ACF2 is done through use of the 'NOAPFCHK' keyword added to the GSO SAFDEF record. 'NOAPFCHK' will only be honored for STATUS=ACCESS calls. An example of the SAFDEF used for the IBM File Manager product follows:

    ACF
    SET CONTROL(GSO)
    INSERT SAFDEF.apf PROGRAM(FMNMAIN) RB(FMNMAIN) NOAPFCHK -
           RACROUTE(REQUEST=AUTH,CLASS=FACILITY,STATUS=ACCESS)
    INSERT SAFDEF.apf2 PROGRAM(FMNMIMS) RB(FMNMIMS) NOAPFCHK -
           RACROUTE(REQUEST=AUTH,CLASS=FACILITY,STATUS=ACCESS)
    INSERT SAFDEF.apf3 PROGRAM(FMNMAIN) RB(FMNMAIN) NOAPFCHK -
           RACROUTE(REQUEST=AUTH,CLASS=XFACILIT,STATUS=ACCESS)
    INSERT SAFDEF.apf4 PROGRAM(FMNMIMS) RB(FMNMIMS) NOAPFCHK -
           RACROUTE(REQUEST=AUTH,CLASS=XFACILIT,STATUS=ACCESS)
    F ACF2,REFRESH(SAFDEF)
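    The following Python model is added here as an illustration; it is not code from the Broadcom article, from ACF2 or from IBM File Manager. It exercises items 1 to 4 together: the FILEM.FUNCTION.fc rule entries of Example 1, the MODE(IGNORE) SAFDEF and FILEM.group.name entries of Example 2, the FILEM.OTHER.ALL fallback of Example 3, and the NOAPFCHK SAFDEFs of item 4. All names in it (Rule, SafDef, Call, racroute, filem_access, the DEPT1/DEPT2 UID strings) are the example's own, the sample rules are constructed, and its masking and SAFDEF-selection logic is a deliberate simplification of what ACF2 actually does.

```python
"""Added example (not from the Broadcom article, ACF2 or IBM File Manager): a small
model of how ACF2 answers the RACROUTE calls described above, so the interaction
between FILEM.FUNCTION.fc rules, a MODE(IGNORE) SAFDEF, FILEM.group.name rules and
the STATUS=ACCESS / NOAPFCHK handling can be exercised offline."""
from dataclasses import dataclass
from typing import Optional


def acf2_mask(mask: str, value: str) -> bool:
    """Simplified ACF2 masking (assumption): a trailing '-' matches any remainder,
    '*' matches exactly one character, everything else must match literally."""
    if mask.endswith("-"):
        return value.startswith(mask[:-1])
    return len(mask) == len(value) and all(m in ("*", v) for m, v in zip(mask, value))


@dataclass
class Rule:
    """One entry of the FAC resource rule $KEY(FILEM), i.e. one RECKEY FILEM ADD(...) line."""
    entry: str        # e.g. "FUNCTION.TP" or "TAPE.INPUT"
    uid: str          # UID mask, e.g. "DEPT1-"
    services: tuple   # SERVICE(...) keywords, matched literally (no implied hierarchy)
    allow: bool = True


@dataclass
class SafDef:
    """GSO SAFDEF record: which RACROUTE calls it selects and what ACF2 does with them."""
    cls: str = "FACILITY"
    entityx: Optional[str] = None   # ENTITYX mask, e.g. "FILEM.FUNCTION.-"
    status: Optional[str] = None    # "ACCESS" selects STATUS=ACCESS calls
    program: Optional[str] = None   # PROGRAM(...) and RB(...) of the caller
    rb: Optional[str] = None
    mode: str = "GLOBAL"            # MODE(IGNORE) bypasses validation and returns RC 4
    noapfchk: bool = False          # NOAPFCHK: skip the APF check for STATUS=ACCESS


@dataclass
class Call:
    """A RACROUTE REQUEST=AUTH issued by File Manager."""
    cls: str
    entity: str
    program: str = "FMNMAIN"
    status: Optional[str] = None
    apf: bool = False               # File Manager runs without APF authorization


def matching_safdef(safdefs, call):
    """First SAFDEF whose selection criteria all match the call (real ACF2 orders
    records most-specific-first; this model relies on list order)."""
    for s in safdefs:
        if (s.cls == call.cls and (not s.entityx or acf2_mask(s.entityx, call.entity))
                and (not s.status or s.status == call.status)
                and (not s.program or s.program == call.program)
                and (not s.rb or s.rb == call.program)):
            return s
    return None


S047 = "S047"   # ACF2 abends a non-APF caller that issues STATUS=ACCESS


def racroute(rules, safdefs, uid, call, service="READ"):
    """SAF return code ACF2 gives for the call (0 allow, 4 no decision, 8 deny), or 'S047'."""
    sd = matching_safdef(safdefs, call)
    if call.status == "ACCESS" and not call.apf and not (sd and sd.noapfchk):
        return S047
    if sd and sd.mode == "IGNORE":
        return 4                    # resource treated as not defined; caller decides what to do
    key, _, rest = call.entity.partition(".")
    if key != "FILEM":
        return 8
    for r in rules:                 # first matching entry wins in this model
        if acf2_mask(r.entry, rest) and acf2_mask(r.uid, uid):
            return 0 if r.allow and service in r.services else 8
    return 8                        # every resource is protected by default under ACF2


def filem_access(rules, safdefs, uid, fc, group_name=None, service="READ"):
    """The two-tier check of items 1-3: FILEM.FUNCTION.fc decides unless ACF2 returns
    RC 4, in which case FILEM.group.name (or FILEM.OTHER.ALL for a function without
    a Table 3 entry) is checked. Returns (allowed, resource that decided)."""
    res = f"FILEM.FUNCTION.{fc}"
    rc = racroute(rules, safdefs, uid, Call("FACILITY", res), service)
    if rc != 4:
        return rc == 0, res
    res = f"FILEM.{group_name}" if group_name else "FILEM.OTHER.ALL"
    rc = racroute(rules, safdefs, uid, Call("FACILITY", res), service)
    return rc == 0, res


# Constructed sample data: rule entries in the style of Examples 1-3 for UIDs starting
# DEPT1/DEPT2, the Example 2 MODE(IGNORE) SAFDEF and the four NOAPFCHK SAFDEFs of item 4.
RULES = [
    Rule("FUNCTION.TP", "DEPT1-", ("UPDATE", "ADD", "READ")),
    Rule("TAPE.INPUT", "DEPT1-", ("UPDATE", "ADD", "READ")),
    Rule("OTHER.ALL", "DEPT2-", ("READ",)),
]
IGNORE_FUNCTION = [SafDef(entityx="FILEM.FUNCTION.-", mode="IGNORE")]
NOAPF = [SafDef(cls=c, program=p, rb=p, status="ACCESS", noapfchk=True)
         for c in ("FACILITY", "XFACILIT") for p in ("FMNMAIN", "FMNMIMS")]

if __name__ == "__main__":
    print(filem_access(RULES, [], "DEPT1USER", "TP"))                             # function rule decides
    print(filem_access(RULES, IGNORE_FUNCTION, "DEPT1USER", "TP", "TAPE.INPUT"))  # falls back to group rule
    print(racroute(RULES, [], "DEPT1USER", Call("FACILITY", "FILEM.FUNCTION.TP", status="ACCESS")))
```

    Two behaviours worth noticing when running it: without the MODE(IGNORE) SAFDEF, a missing FILEM.FUNCTION.fc entry is a denial (RC 8), not a fall-through, so FILEM.group.name rules are never consulted under ACF2 unless that SAFDEF exists; and a STATUS=ACCESS call from any program other than the ones named in the NOAPFCHK SAFDEFs still ends in the S047 abend, which is what keeps the bypass scoped to File Manager rather than to every non-APF caller.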

Additional Information

IBM Table 2 and Table 3 can be found in the IBM File Manager 14.1 documentation, section "Unprotected functions and profile names for protected functions".