How does the Validate command for X(ROL) Records work?
The VALIDATE subcommand must be issued from within the SET X(ROL) setting of the ACF command. The VALIDATE subcommand has the following syntax:
Validate {*|recid|LIke(recidmask)}
[SYSid(?|sysid)|Division(?|div)]
[MSYSid(sysidmask)|MDiv(divmask)]
[TARGET(null|=|?|nodemask1,...,nodemask100)]
CPFWAIT|NOCPFWAIT
X(ROL) records are SYSID dependent. When ACF2 starts up or when an F ACF2,NEWXREF,TYPE(ROL) command is issued, it builds a structure of all the X(ROL) records in storage, based on the SYSID at startup or as specified on the NEWXREF command. When a user signs on, ACF2 builds their list of roles based on this structure. For this reason, it is very important to maintain the correct SYSID for X(ROL) records. Add SYSID(********) to the SET subcommand before issuing the VALIDATE command.
When validating logonids within an X(ROL) ROLE record, if any logonids are not found the VALIDATE subcommand returns the following text message along with a list of logonids not found:
ACF
SET X(ROL)
VALIDATE myrole
LOGONIDS NOT FOUND FOR ROLE myrole
logonid1 logonid 2 ……….. logonidn
When validating logonids within a role and all logonids are found, the VALIDATE X-ROL subcommand returns the following:
ROLE rolename VALID
Example 1 logonids USER003 USER002 USER001 exist in the ACF2 LOGONID database but USER099 does exist:
SET X(ROL)
LIST SYS123
XE61 / SYS123 LAST CHANGED BY SYS123 ON 11/23/09-13:59
INCLUDE(USER003 USER002 USER001 USER099) ROLE
XREF
VALIDATE sys123
INCLUDE LOGONIDS NOT FOUND FOR ROLE SYS123
USER099
Example 2 logonids USER003 USER002 USER001 exist in the ACF2 LOGONID database:
SET X(ROL)
LIST ACF2TST1
XE61 / ACF2TST1 LAST CHANGED BY USER001 ON 06/08/16-04:05
INCLUDE(USER003 USER002 USER001) ROLE
XREF
VALIDATE ACF2TST1
ROLE ACF2DEV1 VALID