RACF to ACF2 command translation for JWT

Article ID: 233702

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Translate the following RACF rules to ACF2:

RDEFINE SURROGAT ASSERTID.BAQTOKEN UACC(NONE)

RDEFINE SURROGAT *.BAQTOKEN UACC(NONE)

PERMIT ASSERTID.BAQTOKEN CLASS(SURROGAT) ID(LINKID) ACCESS (READ)

PERMIT *.BAQTOKEN CLASS(SURROGAT) ID(LINKID) ACCESS (READ)

SETROPTS RACLIST(SURROGAT) REFRESH

 

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

The RACF commands are repeated below, each followed by the equivalent ACF2 commands and comments on lines beginning with an asterisk (*):

RDEFINE SURROGAT ASSERTID.BAQTOKEN UACC(NONE)
RDEFINE SURROGAT *.BAQTOKEN UACC(NONE)

*There is no counterpart to this in CA ACF2. ACF2 uses a default protection scheme, which assumes that the resource is protected.

PERMIT ASSERTID.BAQTOKEN CLASS(SURROGAT) ID(LINKID) ACCESS (READ)
PERMIT *.BAQTOKEN CLASS(SURROGAT) ID(LINKID) ACCESS (READ)

*First, a CLASMAP record needs to be defined to map the SURROGAT resource to type SUR, as shown below:

*ACF
*SET CONTROL(GSO)
*INSERT CLASMAP.SURROGAT RESOURCE(SURROGAT) RSRCTYPE(SUR) ENTITYLN(17)
*F ACF2,REFRESH(CLASMAP)

*Next, the resource rules need to be written:

*ACF
*SET RESOURCE(SUR)
*RECKEY ASSERTID ADD(BAQTOKEN UID(UID string for LINKID id) SERVICE(READ) ALLOW) 
*RECKEY * ADD(BAQTOKEN UID(UID string for LINKID id) SERVICE(READ) ALLOW)

SETROPTS RACLIST(SURROGAT) REFRESH

*F ACF2,REBUILD(SUR)

Additional Information

How to configure a locally generated JWT - IBM Documentation