There are a couple ACF2 userids that need to be restricted from accessing a dataset. The current access rule is coded with a masked UID and is allowing these users access. How can access to this dataset be prevented for only a few users and still allow access to those who need access?
Release : 16.0
Component :
The UID parameter in an ACF2 rule entry is always treated as a mask. The ACF2 compiler automatically sorts UID patterns from most specific to most general. If there are specific UIDs that need to be prevented access while allowing all other UIDs that match a mask to have access, then an access rule would need to be written specifying the user's full UID string for the UID parameter. This will cause that rule entry that prevents access to be matched first, and access will be denied.
Example:
Users with a UID string of ABCD1 and ABCD2 need to be prevented from accessing dataset HLQ.TEST. The current rule looks like this:
$KEY(HLQ)
TEST UID(ABCD) READ(A) WRITE(A) ALLOC(A) EXEC(A)
All other users besides ABCD1 and ABCD2 still need access, so the following rule entries would need to be added to prevent access for those specific users:
$KEY(HLQ)
TEST UID(ABCD1) READ(P) WRITE(P) ALLOC(P) EXEC(P)
TEST UID(ABCD2) READ(P) WRITE(P) ALLOC(P) EXEC(P)
TEST UID(ABCD) READ(A) WRITE(A) ALLOC(A) EXEC(A)
Relevant ACF2 documentation:
Access Rule Entries
Mask Data Set Names and UIDs
Rule Selection Algorithm for UID and $ROLESET Rules