Creating the necessary ACF2 rules to restrict LU's or IP addresses to be used for XCOM transfers after specifying LUSECURE=YES in the CONFIG member. How do I configure a SAF rule to allow all SNA LU's or ALL TCPIP addresses to be used for XCOM transfers? Once that is done we will code the specific rules for those LU's and IP addresses that we want to restrict. 

Would we code the rule to use a wildcard for destname as follows:
XCOM.XCOM.LU.*.SEND.L
and give all users READ?

Release : 12.0

XCOM Data Transport for z/OS

Yes, the rule would be defined as "XCOM.XCOM.LU.*.SEND.L " and provide READ access for all users to allow all users to perform transfers to the partner systems.
To define rules to restrict for specific LU's or IP addresses, please refer to the Administrator guide and Partner Security section.

In the above rule sample, the " * " is used as the wildcard character, but you should double check what is the designated wildcard character for your security package. For example, ACF2 may use the " - " as the wildcard character.