I have setup CPF between two ACF2 LPARs. Command Propagation seems to work well for CHANGE, DELETE, INSERT on LIDs; and DELETE works on rules. How can we propagate COMPILE commands for rules?
search cancel

I have setup CPF between two ACF2 LPARs. Command Propagation seems to work well for CHANGE, DELETE, INSERT on LIDs; and DELETE works on rules. How can we propagate COMPILE commands for rules?

book

Article ID: 53326

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

Description:

Compile commands for Resource and Access rules do not get propogated using CPF.

CA ACF2 CPF will propagate the RECKEY subcommand for modifying compiled infostorage records, and access and resource rules, and the DELETE command for access and resource rules.

Solution:

The RECKEY subcommand allows a user to decompile, add, delete or modify a rule entry, recompile, and store the updated rule set with one command. This command can be used in any ACF mode that handles compiled records and it executes on other CPF-defined nodes with Command Propagation.

The following examples demonstrate how the RECKEY can be used to create/add a new resource rule, add a rule entry to an existing resource rule and delete a rule entry from an existing resource rule. These example RECKEY commands can be propagated with CPF if Command Propagation is active.

** ADD A NEW RESOURCE RULE PAYM TYPE(CKC)
SET RESOURCE(CKC)  
RECKEY PAYM ADD(TEST UID(HRS-) ALLOW)
 
ACF70010 ACF COMPILER ENTERED 
 
$KEY(PAYM) TYPE(CKC) 
TEST UID(HRS-) ALLOW 
ACF70051 TOTAL RECORD LENGTH= 196 BYTES, 4 PERCENT UTILIZED 
ACF60207 RULE R CKC PAYM INSERTED  
ACF60039 Issue the F ACF2,REBUILD(CKC) command to activate the rule  
RESOURCE 
 
** ADD A RESOURCE RULE ENTRY TO THE EXISTING PAYM TYPE(CKC) RULE
SET RESOURCE(CKC) 
RECKEY PAYM ADD(test2 UID(abc-) ALLOW)
 
ACF75052 RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:14 
ACF70010 ACF COMPILER ENTERED  
  
******** RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:14
$KEY(PAYM) TYPE(CKC)  
TEST UID(HRS-) ALLOW  
TEST2 UID(ABC-) ALLOW  
ACF70051 TOTAL RECORD LENGTH= 230 BYTES, 5 PERCENT UTILIZED 
ACF60207 RULE R CKC PAYM REPLACED 
ACF60039 Issue the F ACF2,REBUILD(CKC) command to activate the rule  
RESOURCE 
  
** DELETE A RESOURCE RULE ENTRY FROM THE EXISTING PAYM TYPE(CKC) RULE
SET RESOURCE(CKC) 
RECKEY PAYM delete(TEST UID(HRS) ALLOW)
 
ACF75052 RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:14 
ACF60202 THE FOLLOWING RULE LINE(S) WILL BE DELETED  
TEST UID(HRS) ALLOW 
ACF70010 ACF COMPILER ENTERED  
  
******** RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:14 
$KEY(PAYM) TYPE(CKC)  
 TEST2 UID(ABC) ALLOW  
ACF70051 TOTAL RECORD LENGTH= 196 BYTES, 4 PERCENT UTILIZED 
ACF60207 RULE R CKC PAYM REPLACED 
ACF60039 Issue the F ACF2,REBUILD(CKC) command to activate the rule  
RESOURCE 
 
** MODIFY AN EXISTING RESOURCE RULE ENTRY IN THE EXISTING PAYM TYPE(CKC) RULE
RECKEY PAYM MOD(TEST UID(HRS) ALLOW, TEST UID(HRS) PREVENT)
  
ACF75052 RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:47 
ACF60202 THE FOLLOWING RULE LINE(S) WILL BE DELETED 
TEST UID(HRS) ALLOW  
ACF70010 ACF COMPILER ENTERED 
 
******** RESOURCE RULE PAYM STORED BY USER002 ON 09/16/09-07:47 
$KEY(PAYM) TYPE(CKC) 
TEST UID(HRS) PREVENT 
ACF70051 TOTAL RECORD LENGTH= 196 BYTES, 4 PERCENT UTILIZED  
ACF60207 RULE R CKC PAYM REPLACED 
ACF60039 Issue the F ACF2,REBUILD(CKC) command to activate the rule 
RESOURCE

Details on the RECKEY subcommand can be found in the CA ACF2 for z/OS Administrator Guide sections "Chapter 6: Maintaining Access Rules" and "Chapter 7: Maintaining Resource Rules".

Environment

Release:
Component: ACF2MS
Powered by Wolken Software