How does the Validate command for X(ROL) Records work?
search cancel

How does the Validate command for X(ROL) Records work?

book

Article ID: 69210

calendar_today

Updated On: 10-06-2023

Products

ACF2 ACF2 - DB2 Option ACF2 - z/OS ACF2 - MISC

Issue/Introduction

How does the Validate command for X(ROL) Records work?

Environment

Release:
Component: ACF2MS

Resolution

The VALIDATE subcommand must be issued from within the SET X(ROL) setting of the ACF command. The VALIDATE subcommand has the following syntax:

Validate {*|recid|LIke(recidmask)} 
[SYSid(?|sysid)|Division(?|div)] 
[MSYSid(sysidmask)|MDiv(divmask)] 
[TARGET(null|=|?|nodemask1,...,nodemask100)]
CPFWAIT|NOCPFWAIT

X(ROL) records are SYSID dependent. When ACF2 starts up or when an F ACF2,NEWXREF,TYPE(ROL) command is issued, it builds a structure of all the X(ROL) records in storage, based on the SYSID at startup or as specified on the NEWXREF command. When a user signs on, ACF2 builds their list of roles based on this structure. For this reason, it is very important to maintain the correct SYSID for X(ROL) records. Add SYSID(********) to the SET subcommand before issuing the VALIDATE command.

When validating logonids within an X(ROL) ROLE record, if any logonids are not found the VALIDATE subcommand returns the following text message along with a list of logonids not found:

ACF
SET X(ROL)
VALIDATE myrole

LOGONIDS NOT FOUND FOR ROLE myrole
logonid1 logonid 2 ……….. logonidn

When validating logonids within a role and all logonids are found, the VALIDATE X-ROL subcommand returns the following:

 ROLE rolename VALID

Example 1 logonids USER003 USER002 USER001 exist in the ACF2 LOGONID database but USER099 does exist:

SET X(ROL)
LIST SYS123 

 XE61 / SYS123 LAST CHANGED BY SYS123 ON 11/23/09-13:59                    
                      INCLUDE(USER003 USER002 USER001 USER099) ROLE 

 XREF 

VALIDATE sys123                                   

 INCLUDE LOGONIDS NOT FOUND FOR ROLE SYS123
 USER099                                          

Example 2 logonids USER003 USER002 USER001 exist in the ACF2 LOGONID database:  

SET X(ROL)
LIST ACF2TST1                                                                    

  XE61 / ACF2TST1 LAST CHANGED BY USER001 ON 06/08/16-04:05                     
                       INCLUDE(USER003 USER002 USER001) ROLE

 XREF                   

VALIDATE ACF2TST1       

  ROLE ACF2DEV1 VALID