Enable and write rules for the DASDVOL class in ACF2
Article ID: 262521
Updated On:
Products
ACF2 - z/OS
ACF2
ACF2 - MISC
Issue/Introduction
This article documents how to determine whether the DASDVOL class is active in ACF2 and how to write ACF2 rules for DASDVOL class related access.
Environment
Release : 16.0
Resolution
- To validate if the DASDVOL class is active, issue the ACF, SHOW SAFDEF command to display the active SAFDEFs on the system. Verify how the RACROUTE REQUEST=AUTH CLASS=DASDVOL is processed. Sample ACFBATCH JCL to issue the SHOW SAFDEF follows.
Perform a FIND on the output of this job for DASDVOL and check the SAFDEF MODE:
MODE(IGNORE) indicates that the calls are ignored and there is no DASDVOL validations being done.
MODE(GLOBAL) indicates that the calls are being validated so DASDVOL validations are being done. If MODE(GLOBAL) exists, skip to step 3.
//ACFBATCH EXEC PGM=ACFBATCH
//SYSOUT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
SHOW SAFDEF
/* - Create a SAFDEF to allow DASDVOL calls to be processed. This SAFDEF can be made more granular to what program and RB needs access to this call or can allow any program with masking:
ACF
SET CONTROL(GSO)
INSERT SAFDEF.DASDV ID(DASDVOL) MODE(GLOBAL) PROGRAM(********) RB(********) -
RACROUTE(REQUEST=AUTH,CLASS=DASDVOL) - Write dataset access rules to allow access. The $KEY will depend on the GSO RULEOPTS VOLRULE setting. The volumes are validated by dataset access rules in the format of either @VOLSER.VOLUME or VOLUME.@VOLSER.
For example if the GSO RULEOPTS specifies (the default) NOVOLRULE, the format is @volser.VOLUME:
$KEY(@vol123)
VOLUME UID(uid for logonid) R(A) W(A)
If GSO RULEOPTS specifies VOLRULE, the pseudo data set name format is VOLUME.@volser:
$KEY(VOLUME)
@vol123 UID(uid for logonid) R(A) W(A)
Additional Information
Feedback
Yes
No
Powered by
