ACF2 Resource class APPL - CLASMAP/ SAFDEF configuration
search cancel

ACF2 Resource class APPL - CLASMAP/ SAFDEF configuration

book

Article ID: 252051

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

There is a CLASMAPP for the APPL class that is mapped to the resource type APP, however, there is no GSO SAFDEF for APPL, however there is the ACF2 default APPL SAFDEF, which is MODE=IGNORE in place. So does that mean that any rules created for APP would be ineffective?

 

Environment

Release : 16.0

Resolution

The default internal SAFDEF below with MOD=IGNORE:

APPL     JOBNAME=********   USERID=********   PROGRAM=********   RB=******** 
         RETCODE=4          SAFDEF=INTERNAL   MODE=IGNORE        SUBSYS=ACF2 
         FUNCRET=4          FUNCRSN=0                                        
                                                                             
         RACROUTE REQUEST=AUTH,REQSTOR='ACF9CSFV'       

will ignore the following SAF classes by default:

APPCPORT
Validates port of entry (POE) classes with an associated session during SAF VERIFY a VERIFYX processing at system entry.
SAFDEF: APPL

APPL
Validates port of entry (POE) classes with an associated session during SAF VERIFY and VERIFYX processing at system entry.
SAFDEF: APPL

APPL
Validates a user's authority to access an application during SAF VERIFY and VERIFYX processing at system entry.
SAFDEF: APPL

CONSOLE
Validates a user's authority to access an MCS console. Checks the ability of commands that are issued from the MCS console to access other resources.
SAFDEF: APPL

DEVICES
Validates a user's authority to allocate devices, such as unit record devices, graphic devices, and teleprocessing and communication devices.
SAFDEF: DEVAUTH

JESINPUT
Validates a user's authority to enter commands or jobs through a JES input device.
SAFDEF: APPL

TERMINAL
Validates a user's authority to access the system based on the terminal used.
SAFDEF: APPL

So any GSO CLASMAP record for the APPL resource class, in this case TYPE(APP) rules will not be used. 

If a site wants to validate the resource class APPL and override internal MODE=IGNORE APPL SAFDEF, the following example SAFDEF can be INSERTed:

ACF
SET CONTROL(GSO)  
INSERT SAFDEF.APPL ID(APPL) MODE(GLOBAL)  RACROUTE(REQUEST=AUTH CLASS=APPL REQSTOR=ACF9CSFV)  
F ACF2,REFRESH(SAFDEF)
END

 

Powered by Wolken Software