Is it possible to use a NEXTKEY statement from an "old" UID ruleset to a "ROLE" based ruleset or vice versa?


Article ID: 52823

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

Is it possible to use a NEXTKEY statement from an "old" UID ruleset to a "ROLE" based ruleset or vice versa?

Environment

Role-based security, or role-based access control, is a security model based on the assignment of privileges to business objects or system functions. Role-based rules contain the $ROLESET control statement and the ROLE(role) rule entry parameter. Role-based rules must use ROLE parameters in their rule line entries; UID parameters are NOT allowed in a Role-based ruleset.

Resolution

A site can NEXTKEY from a Role-based ruleset to a UID-based ruleset or from a UID-based ruleset to a Role-based ruleset.

A site can switch between Role-based rulesets and UID-based rulesets within a NEXTKEY chain. The only restriction is that you cannot mix Role-based rules and UID-based rules within a single ruleset. If you create a $ROLESET rule, you can only write rule lines with either ROLE or USER parameters. If you write a ruleset WITHOUT the $ROLESET control statement, then only the UID rule entry parameter is valid.

The following two examples demonstrate the use of NEXTKEYs with Role-based rulesets and UID-based rulesets.

Example 1: NEXTKEY Chain from a Role-based ruleset, to a UID-based ruleset, to a Role-based ruleset

$KEY(MASTER)
$ROLESET
TEST ROLE(*ROLE*) NEXTKEY(MASTER2)
TEST ROLE(0)

$KEY(MASTER2)
$PREFIX(MASTER)
- UID(A************40) NEXTKEY(MASTER3)
- UID(*) READ(A) WRITE(A) EXEC(A)

$KEY(MASTER3)
$ROLESET
$PREFIX(MASTER)
- ROLE(*ROLE*) READ(A) WRITE(A) EXEC(A)

Example 2: NEXTKEY from a UID-based ruleset to a Role-based ruleset

$KEY(MASTERA)
- UID(A************40) NEXTKEY(MASTERB)
- UID(*) READ(A) WRITE(A) EXEC(A)

$KEY(MASTERB)
$ROLESET
$PREFIX(MASTERA)
- ROLE(*ROLE*) READ(A) WRITE(A) EXEC(A)
TEST ROLE(0)
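The single-ruleset restriction above (ROLE/USER entries only under $ROLESET, UID entries only without it, while NEXTKEY may cross between the two kinds) is easy to check before rules are compiled. The following is an added example written for this article, not CA/Broadcom code: a small Python checker that parses rule text in the layout of Example 1, flags mixed rulesets and dangling NEXTKEY targets, and uses a constructed sample containing the Example 1 chain plus a deliberately invalid ruleset (BADMIX). Parsing is simplified to the $KEY, $ROLESET and rule entry lines shown here and does not implement ACF2's full rule syntax.

```python
import re
# Constructed sample: the article's Example 1 chain (Role -> UID -> Role) plus
# a deliberately invalid ruleset (BADMIX) that puts a UID entry under $ROLESET.
SAMPLE_RULES = """\
$KEY(MASTER)
$ROLESET
TEST ROLE(*ROLE*) NEXTKEY(MASTER2)

$KEY(MASTER2)
$PREFIX(MASTER)
- UID(A************40) NEXTKEY(MASTER3)
- UID(*) READ(A) WRITE(A) EXEC(A)

$KEY(MASTER3)
$ROLESET
- ROLE(*ROLE*) READ(A) WRITE(A) EXEC(A)

$KEY(BADMIX)
$ROLESET
- UID(A************40) READ(A)
"""
PARAM_RE = re.compile(r"\b(UID|ROLE|USER)\(")
NEXTKEY_RE = re.compile(r"\bNEXTKEY\((\w+)\)")

def parse_rulesets(text):
    """Split rule text on blank lines into {key: {roleset, params, nextkeys}}."""
    sets = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        cur = {"roleset": False, "params": [], "nextkeys": []}
        for line in (l.strip() for l in block.splitlines()):
            if line.startswith("$KEY("):
                sets[line[5:-1]] = cur
            elif line.startswith("$ROLESET"):
                cur["roleset"] = True
            elif not line.startswith("$"):  # rule entry; other $ statements are skipped
                cur["params"] += PARAM_RE.findall(line)
                cur["nextkeys"] += NEXTKEY_RE.findall(line)
    return sets

def validate(sets):
    """$ROLESET rulesets take ROLE/USER entries only, others UID only; a NEXTKEY may
    cross between the two kinds but must name a key present in the input."""
    errors = []
    for key, rs in sets.items():
        # bad = UID under $ROLESET, or ROLE/USER in a ruleset without $ROLESET
        bad = sorted({p for p in rs["params"] if (p == "UID") == rs["roleset"]})
        if bad:
            kind = "in a $ROLESET" if rs["roleset"] else "without $ROLESET"
            errors.append(f"{key}: {','.join(bad)} not valid {kind} ruleset")
        errors += [f"{key}: NEXTKEY({nk}) not found" for nk in rs["nextkeys"] if nk not in sets]
    return errors
```

Running `validate(parse_rulesets(SAMPLE_RULES))` reports only BADMIX; the Role-to-UID-to-Role chain through MASTER, MASTER2 and MASTER3 passes because the kinds are never mixed inside one ruleset.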

Details on Role-based rulesets and NEXTKEYs can be found in the CA ACF2 for z/OS documentation in the section "Use NEXTKEYs with $ROLESET Rules".