We have many View databases that are historical that require a lockdown to a few users.   

There are a few SARINIT SECID's being used with SECURITY=... being set as EXTERNAL, INIT, and LOGON. 

Would there be any issue setting new security rules through ACF2? 

Release : 14.0

Primarily, the security used on a View database is via the SARINIT SECID=... and SECURITY=... parameters. 

If you will be using an external security package (ACF2, Top Secret, RACF) and establishing rules therein, then you would use:

 . SECID=rule_prefix
 . SECURITY=EXTERNAL 

   Where SECID=... would have the prefix that is being used for the rules. 

Also, there could be a modified View SARSECUX exit in use, where a size of 0048 indicates that the default exit is in use, and a size other than that would indicate that a modified exit is being used.