Zosmf security setup in ACF2 without using roleset rules

Article ID: 248460

Products

ACF2 - z/OS

Issue/Introduction

The sample rules supplied by ACF2 use rolesets.
This article shows how to set up the z/OSMF resource rules as UID rules without using roles.

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

If, for example, you are using TYPE(APP) for resource class APPL and you
haven't used roles, you would need to set up the roles that are needed and then connect whichever
users are supposed to be included.
If you would prefer to use UID strings, that can also be done: you would need to work out which users
should get the permissions that each role allows.

For example, if user1 and user2 are deemed to be IZUADMIN users,
user3 and user4 are deemed to be IZUUNGRP users,
and user5 and user6 are deemed to be IZUUSER users,
you would need the following rules and roles.

For UID rules:
 
SET RESOURCE(APP)
$KEY(IZUDFLT) TYPE(APP)
 UID(<uid for user1>) service(read) allow
 UID(<uid for user2>) service(read) allow 
 UID(<uid for user3>) service(read) allow
 UID(<uid for user4>) service(read) allow 
 UID(<uid for user5>) service(read) allow
 UID(<uid for user6>) service(read) allow 

For rolesets:

SET X(ROL)
INSERT IZUADMIN INCLUDE(USER1, USER2)
INSERT IZUUNGRP INCLUDE(USER3, USER4)
INSERT IZUUSER INCLUDE(USER5, USER6)
F ACF2,NEWXREF,TYP(ROL)

$KEY(IZUDFLT)  TYPE(APP)           
$USERDATA(ZOSMF ACCESS)            
 ROLE(IZUADMIN) SERVICE(READ) ALLOW
 ROLE(IZUUNGRP) SERVICE(READ) ALLOW
 ROLE(IZUUSER) SERVICE(READ) ALLOW
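
The step of working out which users get each role's permissions can be scripted. The following is an added example, not part of the original article or of ACF2: it expands the role-based rule above into the UID form and reports any role or user that cannot be expanded. The function names and the `UIDS` map are hypothetical; real UID strings are site-specific.

```python
import re

# Constructed sample input: the roleset definitions and role-based rule from this article.
ROLESET = """\
INSERT IZUADMIN INCLUDE(USER1, USER2)
INSERT IZUUNGRP INCLUDE(USER3, USER4)
INSERT IZUUSER INCLUDE(USER5, USER6)
"""
ROLE_RULE = """\
$KEY(IZUDFLT) TYPE(APP)
$USERDATA(ZOSMF ACCESS)
 ROLE(IZUADMIN) SERVICE(READ) ALLOW
 ROLE(IZUUNGRP) SERVICE(READ) ALLOW
 ROLE(IZUUSER) SERVICE(READ) ALLOW
"""
# Hypothetical logonid -> UID string map (placeholders, as in the article).
UIDS = {f"USER{n}": f"<uid for user{n}>" for n in range(1, 7)}

def parse_roles(text):
    """Return {role: [logonid, ...]} from INSERT ... INCLUDE(...) lines."""
    roles = {}
    for m in re.finditer(r"INSERT\s+(\S+)\s+INCLUDE\(([^)]*)\)", text, re.I):
        members = [u.strip().upper() for u in m.group(2).split(",") if u.strip()]
        roles[m.group(1).upper()] = members
    return roles

def to_uid_rule(rule_text, roles, uids):
    """Expand each ROLE(...) line into one UID(...) line per role member.
    Returns (lines, problems); problems lists what could not be expanded."""
    out, problems, seen = [], [], set()
    for line in rule_text.splitlines():
        m = re.match(r"\s*ROLE\((\w+)\)\s*(.*)", line, re.I)
        if not m:                      # $KEY / $USERDATA lines pass through
            out.append(line.rstrip())
            continue
        role, rest = m.group(1).upper(), m.group(2).strip()
        if role not in roles:
            problems.append(f"role {role} has no roleset definition")
            continue
        for user in roles[role]:
            if user not in uids:
                problems.append(f"{user} ({role}) has no UID string")
                continue
            entry = f" UID({uids[user]}) {rest}"
            if entry not in seen:      # a user in two roles needs only one line
                seen.add(entry)
                out.append(entry)
    return out, problems

if __name__ == "__main__":
    lines, problems = to_uid_rule(ROLE_RULE, parse_roles(ROLESET), UIDS)
    print("\n".join(lines + [f"* UNRESOLVED: {p}" for p in problems]))
```

Review any reported problems before compiling the generated rule, since a user missing from the output loses the access the role granted.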