ACF2 equivalent commands for RSIAPI security

ACF2 equivalent commands for RSIAPI security


Article ID: 276431


Products

ACF2 - z/OS

Issue/Introduction

ACF2 equivalent commands for the RSIAPI (RSE API) security setup sample, which is written in RACF commands. The original RACF commands are kept as comments immediately above each ACF2 equivalent so the two can be compared side by side.

Resolution

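//ACFRSIAP JOB MSGCLASS=C,MSGLEVEL=(1,1),USER=XXXXXXX,NOTIFY=XXXXXXX
//********************************************************************/
//*                                                                  */
//* FUNCTION: Sample for RSIAPI security                             */
//*                                                                  */
//* Notes:                                                           */
//* ======                                                           */
//* 1) Please read through the comments carefully before running     */
//*    this Job to determine what commands will be needed to setup   */
//*    your own customized environment.                              */
//*                                                                  */
//* 2) Please review the output from this job carefully.             */
//*                                                                  */
//* 3) Replace every #placeholder in SYSIN (and XXXXXXX above)       */
//*    with your site's values before submitting.                    */
//*                                                                  */
//* 4) The "F ACF2,..." lines in SYSIN are MVS MODIFY (console)      */
//*    commands, not ACF subcommands. Check whether your ACFBATCH    */
//*    input accepts them; otherwise issue them from the console     */
//*    (or SDSF) after the job completes, in the order shown.        */
//*                                                                  */
//********************************************************************/
//ACFBATCH EXEC PGM=ACFBATCH
//* SYSPRINT receives the ACF command output that note 2 asks you to
//* review. It was coded as "/SYSPRINT" (single slash), which is not a
//* valid JCL statement and would fail the job before ACFBATCH runs.
//SYSPRINT DD SYSOUT=*
//SYSIN    DD *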
*  add OMVS segment to existing user ID
* LISTUSER #userid NORACF OMVS
* ALTUSER #userid OMVS(UID(#user-identifier) -
*  HOME(/u/#userid) PROGRAM(/bin/sh) NOASSIZEMAX)
*
* ACF2 equivalent: insert an OMVS profile record for the existing
* logonid (UID, home directory, initial program). The RACF
* NOASSIZEMAX is not carried over - this INSERT sets no ASSIZE value.
* NOTE(review): the RACF LISTUSER has no ACF2 counterpart coded here;
* LIST the profile first if you need to confirm the record is new.
ACF
SET PROFILE(USER) DIV(OMVS) 
INSERT #userid UID(#user-identifier) -
  HOME(/u/#userid) OMVSPGM(/bin/sh)
* Rebuild the in-storage user profile directory so the new OMVS
* record is picked up.  NOTE(review): this is an MVS MODIFY (console)
* command, not an ACF subcommand - confirm ACFBATCH accepts it, or
* issue it from the console after the job.
F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) 
*
*  add OMVS segment to existing group
* LISTGRP #group-name NORACF OMVS
* ALTGROUP #group-name OMVS(GID(#group-identifier))
*
* ACF2 equivalent: insert an OMVS profile record carrying the GID
* for the existing group.
SET PROFILE(GROUP) DIV(OMVS) 
INSERT #group-name GID(#group-identifier)
* Rebuild the group profile directory, then refresh ACF2's OMVS
* support so the new GID is visible.  NOTE(review): both are MVS
* MODIFY (console) commands - confirm ACFBATCH accepts them, or issue
* them from the console after the job. Check your release's docs for
* the exact scope of F ACF2,OMVS.
F ACF2,REBUILD(GRP),CLASS(P)
F ACF2,OMVS
*
* *********************************************************************
* * DEFINE STARTED TASKS
* * 
* *  group for started tasks, uncomment to create a new group
* LISTGRP  STCGROUP OMVS
* ADDGROUP STCGROUP
* ALTGROUP STCGROUP OMVS(AUTOGID) -
*  DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
*
* ACF2 equivalent: OMVS profile record for STCGROUP. AUTOGID lets
* ACF2 assign the GID, matching the RACF AUTOGID.  NOTE(review): the
* RACF DATA('...') text is not carried over; add it only if your site
* keeps descriptive text on group profiles.
SET PROFILE(GROUP) DIV(OMVS) 
INSERT STCGROUP AUTOGID
* Rebuild the group profile directory and refresh ACF2 OMVS support.
* NOTE(review): MVS MODIFY (console) commands - confirm ACFBATCH
* accepts them, or issue them from the console after the job.
F ACF2,REBUILD(GRP),CLASS(P)
F ACF2,OMVS
*  
* *  userid for RSE API server
*  LISTUSER STCAPI OMVS
*  ADDUSER  STCAPI -
*   NOPASSWORD -
*   DFLTGRP(STCGROUP) -
*   OMVS(AUTOUID HOME(/tmp) PROGRAM(/bin/sh)) -
*   NAME('RSE API') -
*   DATA('IBM REMOTE SYSTEM EXPLORER API (RSE API)')
*
* ACF2 equivalent: logonid for the RSE API started task. RESTRICT
* takes the place of RACF NOPASSWORD (no password is assigned, so the
* logonid cannot be used for interactive password logon).
* NOTE(review): confirm whether your site also requires the STC
* attribute on logonids used by GSO STC records.
* SECURITY NOTE: HOME(/tmp) is carried over from the RACF sample.
* /tmp is world-writable, so a server logonid whose home is /tmp is
* exposed to startup-file (.profile etc.) tampering by any user -
* prefer a dedicated directory owned by STCAPI with restrictive
* permissions.
SET LID
INSERT STCAPI -
   RESTRICT -
   GROUP(STCGROUP) -
   AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) -
   NAME(RSE API)
* Rebuild the user profile directory so the OMVS values take effect.
* NOTE(review): MVS MODIFY (console) command - confirm ACFBATCH
* accepts it, or issue it from the console after the job.
F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) 

* *  started task for RSE API server
*  RLIST   STARTED RSEAPI.* ALL STDATA
*  RDEFINE STARTED RSEAPI.* -
*   STDATA(USER(STCAPI) GROUP(STCGROUP) TRUSTED(NO)) -
*   DATA('ZEXPL - RSE API')
*
* ACF2 equivalent: GSO STC record assigning logonid STCAPI and group
* STCGROUP to the started task. STCID(RSEAPI-) is presumably the
* ACF2 mask matching RACF's RSEAPI.* (any task name beginning
* RSEAPI).  SECURITY NOTE: TRUSTED(NO) has no keyword here and is
* not needed - do not compensate by giving STCAPI bypass privileges
* such as NON-CNCL.
SET CONTROL(GSO)
INSERT STC.RSEAPI GROUP(STCGROUP) LOGONID(STCAPI) STCID(RSEAPI-)
* Activate the new GSO STC record. This (not the SETROPTS below) is
* the ACF2 counterpart of the RACF RACLIST refresh.  NOTE(review):
* MVS MODIFY (console) command - confirm ACFBATCH accepts it, or
* issue it from the console after the job.
F ACF2,REFRESH(STC)
*
*  SETROPTS RACLIST(STARTED) REFRESH
* *********************************************************************
* * DEFINE RSE API AS A SECURE Z/OS UNIX SERVER
* * 
* *  permit RSE server to create the client's security environment
*  RLIST   FACILITY BPX.SERVER ALL
*  PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID(STCAPI)

*  SETROPTS RACLIST(FACILITY) REFRESH
*
* ACF2 equivalent: FAC resource rule for BPX.SERVER granting
* SERVICE(UPDATE) to STCAPI only.  SECURITY NOTE: UPDATE on
* BPX.SERVER lets the server build a security environment under
* another user's identity; keep this entry limited to the single
* server logonid and never mask it (no USER(-)/UID(-)).
* NOTE(review): z/OS UNIX honors BPX.SERVER only while the server
* address space is "clean" (program-controlled); that setup is not
* part of this job - confirm it is in place.
SET RESOURCE(FAC)
* For Role based rule 
RECKEY BPX ADD( SERVER USER(STCAPI) SERVICE(UPDATE) ALLOW)
*
* For UID string based rule
* RECKEY BPX ADD( SERVER UID(UID string for STCAPI) SERVICE(UPDATE) ALLOW)
*
* Rebuild the FAC resource directory so the new rule is used.
* NOTE(review): MVS MODIFY (console) command - confirm ACFBATCH
* accepts it, or issue it from the console after the job.
F ACF2,REBUILD(FAC)
*
* *********************************************************************
* * DEFINE PASSTICKET SUPPORT FOR RSE API
* * 
* *  activate passticket support for RSE API
*  RLIST   PTKTDATA IRRPTAUTH.FEKAPPL.* ALL
*  PERMIT IRRPTAUTH.FEKAPPL.* CLASS(PTKTDATA) ACCESS(UPDATE) ID(STCAPI)

*  SETROPTS RACLIST(PTKTDATA) REFRESH
*
* ACF2 equivalent: PTK resource rule letting STCAPI generate
* PassTickets for application FEKAPPL. FEKAPPL.- masks the trailing
* (target user) part of the key, as IRRPTAUTH.FEKAPPL.* does in RACF.
* SECURITY NOTE: this is effectively the ability to authenticate as
* any user to FEKAPPL - keep it restricted to STCAPI only.
* NOTE(review): the PassTicket application key itself (the ACF2
* GSO PTKTDATA record for FEKAPPL) is not defined by this job;
* confirm it exists, or PassTicket generation will fail.
SET RESOURCE(PTK)
* For Role based rule 
RECKEY IRRPTAUTH ADD( FEKAPPL.- USER(STCAPI) SERVICE(UPDATE) ALLOW)
*
* For UID string based rule
* RECKEY IRRPTAUTH ADD( FEKAPPL.- UID(UID string for STCAPI) SERVICE(UPDATE) ALLOW)
*
* Add RPTK to INFODIR if not done
* (the PTK resource directory must be listed in GSO INFODIR before
* the REBUILD below can build it; uncomment once if needed)
* SET CONTROL(GSO)
* CHANGE INFODIR TYPES(R-RPTK) ADD
* F ACF2,REFRESH(INFODIR)
*
* Rebuild the PTK resource directory so the new rule is used.
* NOTE(review): MVS MODIFY (console) command - confirm ACFBATCH
* accepts it, or issue it from the console after the job.
F ACF2,REBUILD(PTK)
*
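* *********************************************************************
* * DEFINE DATA SET PERMISSIONS
* * 
* *  HLQ stub
*  LISTGRP HUH ALL
*  ADDGROUP (HUH) OWNER(IBMUSER) SUPGROUP(SYS1) -
*   DATA('IBM REMOTE SYSTEM EXPLORER API - HLQ STUB')
*
* *  general data set protection
* NOTE: HUH is a placeholder HLQ. In the environment this sample was
* written for, these data sets all begin with TSYSIDZ; replace HUH in
* the RECKEY lines below with your own HLQ. (This note used to be a
* bare "#HUH ..." line inside SYSIN, where ACFBATCH would have tried
* to process it as a command.)
*
*  LISTDSD PREFIX(HUH) ALL
*  ADDSD 'HUH.*.**' -
*   UACC(NONE) DATA('IBM REMOTE SYSTEM EXPLORER API (RSE API)')
*  PERMIT 'HUH.*.**' -
*   CLASS(DATASET) ACCESS(READ)  ID(*)
*  PERMIT 'HUH.*.**' -
*   CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
*
* ACF2 equivalent: one access rule set keyed on the HLQ. The "-"
* entry covers every data set under HUH; USER(-) (or UID(-)) is the
* everyone entry matching RACF ID(*), and A(A) W(A) R(A) for
* #sysprog stands in for ACCESS(ALTER). The RACF HLQ-stub group
* (ADDGROUP HUH) has no counterpart here - ACF2 keys the rule on the
* HLQ directly.
* SECURITY NOTE: READ for every user on every HUH.* data set is what
* the RACF sample grants; make sure nothing sensitive (keys,
* credentials, logs) is placed under this HLQ, or carve those data
* sets out into a tighter rule entry before the USER(-) line.
* NOTE(review): no refresh is coded after the RECKEYs; confirm
* whether your site needs one (e.g. if rule sets are made resident).
SET RULE
* For Role based rule 
RECKEY HUH ADD( - USER(-) R(A))
RECKEY HUH ADD( - USER(#sysprog) A(A) W(A) R(A))
*
* For UID string based rule 
* RECKEY HUH ADD( - UID(-) R(A))
* RECKEY HUH ADD( - UID(UID string for #sysprog) A(A) W(A) R(A))
*
*  SETROPTS GENERIC(DATASET) REFRESH
/*
//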