ACF2 AUTOERAS feature not deleting all data for all types with PROCESS(SAF)

book

Article ID: 33271

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

AUTOERAS record created to delete VSAM and NON-VSAM data:

**** / AUTOERAS LAST CHANGED BY logonid ON mm/dd/yy-hh:mm
NOERASEALL NONON-VSAM PROCESS(SAF) NOSECLEVEL SECLVL(0) 
VOLS(VOL001) NOVSAM 

How can AUTOERAS be configured to work for all volumes, whether SMS or non-SMS controlled.  The following profile record was created to test:

SET PROFILE(ERASE) DIVISION(PROFILE)
list like(-) 

ACFAB072 PROFILE TESTIT STORED BY logonid ON mm/dd/yy-hh:mm
$KEY(TESTIT) 
AUTOERAS.- ACTION(ERASE) 
ACFAB051 TOTAL RECORD LENGTH= 163 BYTES, 3 PERCENT UTILIZED

This is working for non-VSAM files on non-SMS volumes, but does not work for non-VSAM on SMS volumes, or VSAM files on either type of volume.

For the other three types of datasets to be erased, the catalog SVC, SVC026 must be active.  By default that is set to ignore with ACF2.

CATAUTH JOBNAME=******** USERID=******** PROGRAM=******** RB=SVC026 
               RETCODE=4 SAFDEF=INTERNAL MODE=IGNORE SUBSYS=ACF2 
               FUNCRET=4 FUNCRSN=0 
               RACROUTE REQUEST=AUTH,CLASS='DATASET' 

Environment

Release:
Component: ACF2MS

Resolution

To have catalog validation active, SAFDEF record needs to be INSERTed to override the internal one.  As an example:

SET CONTROL(GSO)
INSERT SAFDEF.SVC026 ID(SVC026) RB(SVC026) MOD E(GLOBAL) RACROUTE(REQUEST=AUTH,CLASS=DATASET)

Since this will turn on validation for all catalog calls, rules will be required to give access to the master and user catalogs.  For an example, let us use MASTER.CATALOG and USER.CATALOG as the dataset names:

$KEY(MASTER)
CATALOG UID(uid string of sysprog) R(A) W(A) A(A) E(A)  <== only the sysprog and security should need access.

$KEY(USER)
CATALOG UID(uid string of sysprog) R(A) W(A) A(A) E(A)  <== only the sysprog and security need full access
CATALOG UID(-) R(A) W(A) A(P) E(A) <== everyone else will need to read and write to the user catalog

Next to activate the SAFDEF record:

F ACF2,REFRESH(SAFDEF) 

At this point, catalogs will be validated, and the AUTOERAS record will work for all 4 types, non-VSAM and VSAM on an SMS volume, and non-VSAM and VSAM on a non-SMS volume.  If SECTRACE is run, the following entry for the data to be erased that looks like this:

TRACEID: TEST EVENT#: 00037360 
JOBNAME: BATCHTST USERID: TESTID ASID: 004B 
PROGRAM: ISRUDL RB CURR: SVC029 APF: YES SFR/RFR: 0/0:4 
SAFDEF: +ENFORCE INTERNAL MODE: GLOBAL 
RACROUTE REQUEST=AUTH,CLASS='DATASET',RELEASE=1.9,RACFIND=NO, 
STATUS=ERASE,ATTR=ALTER,DSTYPE=N, 
ENTITY=('TESTIT.AUTOERAS.DATA'),FILESEQ=0, 
GENERIC=ASIS,LOG=NOFAIL,MSGSP=0,TAPELBL=STD, 
VOLSER='MVSTST',WORKA=