IBM Netview RACF to ACF2 command conversion for NETCMDS


Article ID: 261547


Products

ACF2 - z/OS, ACF2, ACF2 - MISC

Issue/Introduction

This article provides ACF2 conversions for the following RACF security rules:

RDEFINE NETCMDS *.*.* UACC(NONE)    

PERMIT *.*.* CLASS(NETCMDS) +                              
  ID(INGAUTO INGSUPER INGOPER INGADMIN INGUSER) ACC(READ)  

 

A CLASMAP is created for NETCMDS, and NTC is added to the global resident record, as shown below:

INSERT CLASMAP.NETCMDS RESOURCE(NETCMDS) RSRCTYPE(NTC) ENTITYLN(246) SYSID(****)                  

CHANGE INFODIR TYPES(R-RNTC) ADD SYSID(****)    

 

 

Resolution

There is no ACF2 counterpart for RDEFINE NETCMDS *.*.* UACC(NONE), as all resources are protected by default.

Masking can be used when creating the ACF2 resource rules. An asterisk (*) can be used to mask the $KEY control statement value. However, the dash (-) cannot be used as a masking character in the $KEY value.

An example is shown below:

SET R(NTC)
RECKEY ******** ADD( - UID(uid of logonid) SERVICE(READ) ALLOW)
RECKEY ******** ADD( - UID(*) PREVENT)

The INGESAF member also contains RACF ADDGROUP commands. Their ACF2 conversions are shown below:

ACF 
SET PROFILE(GROUP) DIV(OMVS) 
/*ADDGROUP INGAUTO     OMVS(GID(80004))*/
INSERT INGAUTO GID(80004)        
/*ADDGROUP INGWRK      OMVS(GID(80006))*/
INSERT INGWRK GID(80006)                                       
/*ADDGROUP INGSUPER    OMVS(GID(80005))*/   
INSERT INGSUPER GID(80005)                                   
/*ADDGROUP INGADMIN    OMVS(GID(80003))*/    
INSERT INGADMIN GID(80003)                                     
/*ADDGROUP INGOPER     OMVS(GID(80002))*/ 
INSERT INGOPER GID(80002)                                        
/*ADDGROUP INGUSER     OMVS(GID(80001))*/
INSERT INGUSER GID(80001)

A SAFDEF with MODE=GLOBAL for resource NETCMDS would need to be activated once the rules are set up on the system.
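Hand-converted group definitions are easy to mistype, and a wrong group name or GID leaves the intended group undefined. The following check is an added example, not part of the original article or of any Broadcom or IBM tooling: it derives the ACF2 INSERT from each commented RACF ADDGROUP in a listing formatted like the one above and reports any INSERT that does not match. The function names and the sample listing are constructed for illustration.

```python
import re

# Patterns follow the listing format used on this page:
#   /*ADDGROUP <name> OMVS(GID(<n>))*/   original RACF command, kept as a comment
#   INSERT <name> GID(<n>)               ACF2 GROUP profile record
RACF_RE = re.compile(r"ADDGROUP\s+(\S+)\s+OMVS\(GID\((\d+)\)\)", re.I)
ACF2_RE = re.compile(r"^\s*INSERT\s+(\S+)\s+GID\((\d+)\)\s*$", re.I)


def convert(racf_line):
    """Return the ACF2 INSERT for one RACF ADDGROUP ... OMVS(GID(n)) command."""
    m = RACF_RE.search(racf_line)
    if not m:
        raise ValueError(f"not an ADDGROUP with OMVS GID: {racf_line!r}")
    return f"INSERT {m.group(1).upper()} GID({m.group(2)})"


def audit(listing):
    """Pair each commented ADDGROUP with the next INSERT; return mismatches."""
    problems, expected = [], None
    for lineno, line in enumerate(listing.splitlines(), 1):
        if RACF_RE.search(line):
            if expected:  # previous ADDGROUP never got its INSERT
                problems.append((expected[0], expected[1], "<missing INSERT>"))
            expected = (lineno, convert(line))
            continue
        m = ACF2_RE.match(line)
        if m and expected:
            actual = f"INSERT {m.group(1).upper()} GID({m.group(2)})"
            if actual != expected[1]:
                problems.append((lineno, expected[1], actual))
            expected = None
    if expected:
        problems.append((expected[0], expected[1], "<missing INSERT>"))
    return problems


# Constructed sample: second pair has a mistyped group name, third a wrong GID.
SAMPLE = """\
/*ADDGROUP INGAUTO     OMVS(GID(80004))*/
INSERT INGAUTO GID(80004)
/*ADDGROUP INGOPER     OMVS(GID(80002))*/
INSERT INGOPRE GID(80002)
/*ADDGROUP INGADMIN    OMVS(GID(80003))*/
INSERT INGADMIN GID(80008)
"""

if __name__ == "__main__":
    for lineno, want, got in audit(SAMPLE):
        print(f"line {lineno}: expected '{want}', found '{got}'")
```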