How to determine if the RULELONG facility of CA ACF2 Security should be utilized?
search cancel

How to determine if the RULELONG facility of CA ACF2 Security should be utilized?

book

Article ID: 53596

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 - z/OS ACF2 - MISC

Issue/Introduction

A site can determine the need to increase the 4K rulesize to a larger size with RULELONG by evaluating their current access and resource rules.

 

Environment

Release:
Component: ACF2MS

Resolution

RULELONG allows for access and resource rules greater than 4K up to a maximum of 32K. The first thing to determine is if there is really a need to increase the size of the rules. If there are only have 3-6 rules that are over 4K, then it would be better off leaving the rules at 4k, and making these few rules and their NEXTKEYS as resident, either in RESRULES or INFODIR depending on the type. If there are many rules that are over 4K or a large number of rules that are approaching the NEXTKEY nesting limit of 25 then increasing the rulesize should be considered.

There are two REXX EXECs in ACF2.CAIREXX that can be used to determine the size of resource and access rules and sort them from largest to smallest. The REXX EXEC ACFRSCSZ can be used for resource rules and ACFDSNSZ can be used for access rules.

For detailed steps on implementing RULELONG see the ACF2 Documentation Expand Rule Sets Using RULELONG.

Additional Information

Audited by Michael Blaha on 10/16/2023