What is the ACF2 TSO ACCESS subcommand? How is it used?
Resolution
What is the access command?
The ACCESS command is used to display 'who' has access to specific resource or dataset. The ACCESS subcommand lists each rule line that matches a given input resource and the users that match the UID mask on the rule line(s). The ACCESS subcommand simulates validation for users that match UID masks on rule line(s). If a user's UID matches the UID mask on a given rule line, the user is not listed after subsequent rule lines that contain a matching UID mask. The exceptions to this rule are the rule lines that contain environment variables- such as, PROGRAM, SHIFT, RECCHECK, LIB, etc. When these parameters are found on rule lines and a user has not matched a previous rule line that do not contain environment variables, the ACCESS subcommand's output will list the user after the matching rule lines, until a matching rule line is encountered that does not contain environment variables. This rule line is the last rule line that the user will be listed under. The ACCESS subcommand will also process through any NEXTKEY's that are in the rules. Currently, the ACCESS command will not process Keys that have been modified by Exits.
The GSO OPTS ACCESS|NOACCESS Option needs to be enabled. This specifies whether the ACCESS subcommand is enabled for processing. The default is NOACCESS.
Note: A refresh of the OPTS record and an F ACF2,NEWUID operator command is required to build the LID/UID cross- reference table. This command needs to be issued anytime you add logonid records or update their uid string. This command updates the in storage UID table used by the ACCESS command.
Ruleline: - UID(*) LIB('SYS1.LINKLIB') PGM(IEBGENER) READ(A) WRITE(A) ALLOC(A) EXEC(A) Lids: All logonids Reason: The environment LIB and PGM are not checked.
Ruleline: - UID(*) READ(A) WRITE(A) EXEC(A) Lids: All other logonids
Additional Information
The ACF2 Documentation section ACCESS Subcommand contains detailed documentation related to the ACCESS subcommand.