Question:
What does the WHEN(CONSOLE(xxxx)) RACF statement correlate to in ACF2? I have seen this for SDSF, JMON, and EJES.
Answer:
IBM updates the POE (Port Of Entry) of the token of the call with the name in the WHEN statement. To ACF2, the POE is the Source. So for SDSF and JMON, the rule lines would look like this:
RACF STATEMENT>> PERMIT CLASS(OPERCMDS) JES2.** ID(*) ACCESS(CONTROL) WHEN(CONSOLE(SDSF))
>> $KEY(JES2) TYPE(OPR)
- UID(uid string of allowed users) SERVICE(DELETE) ALLOW SOURCE(SDSF)
RACF statement>> PERMIT JES%.** CLASS(OPERCMDS) ID(*) ACCESS(UPDATE) WHEN(CONSOLE(JMON))
>> $KEY(JES%) TYPE(OPR)
- UID(uid string of allowed users) SERVICE(UPDATE) ALLOW SOURCE(JMON)
RACF STATEMENT >> PERMIT CLASS(OPERCMDS) JES3.** ID(*) ACCESS(UPDATE) WHEN(CONSOLE(EJES))
>> $KEY(JES3) TYPE(OPR)
- UID(uid string of allowed users) SERVICE(UPDATE) ALLOW SOURCE(EJES)
-