The sample rules supplied by ACF2 use rolesets
How to setup using z/OSMF resource rules as UID rules without using roles.
Release : 16.0
Component : ACF2 for z/OS
If you are using for example TYPE(APP) for resource class APPL and you
haven't used roles, you would need to setup the roles that are needed and then connect whichever
users are supposed to be included.
If you would prefer to use UID strings, that can also be done - you would need to work out which users
should get the permissions that each role allows.
For example. if user1 and user2 are deemed to be IZUADMIN users,
usert3 and user4 are deemed as IZUUNGRP
and user5 and user6 are deemed to be IZUUSER
you would need the following rules and roles.
For uid rules
SET RESOURCE(APP)
$KEY(IZUDFLT) TYPE(APP)
UID(<uid for user1>) service(read) allow
UID(<uid for user2>) service(read) allow
UID(<uid for user3>) service(read) allow
UID(<uid for user4>) service(read) allow
UID(<uid for user5>) service(read) allow
UID(<uid for user6>) service(read) allow
For roleset.
SET X(ROL)
INSERT IZUADMIN INCLUDE(USER1, USER2)
INSERT IZUUNGRP INCLUDE(USER3, USER4)
INSERT IZUUSER INCLUDE(USER5, USER6)
F ACF2,NEWXREF,TYP(ROL)
$KEY(IZUDFLT) TYPE(APP)
$USERDATA(ZOSMF ACCESS)
ROLE(IZUADMIN) SERVICE(READ) ALLOW
ROLE(IZUUNGRP) SERVICE(READ) ALLOW
ROLE(IZUUSER) SERVICE(READ) ALLOW