What is the ACF2 ACCESS Command and how is it used?
Article ID: 26328
ACF2ACF2 - DB2 OptionACF2 for zVMACF2 - z/OSACF2 - MISCPanAptPanAudit
What is the ACF2 TSO ACCESS subcommand? How is it used?
Release: Component: ACF2MS
What is the access command?
The ACCESS command is used to display 'who' has access to specific resource or dataset. The ACCESS subcommand lists each rule line that matches a given input resource and the users that match the UID mask on the rule line(s). The ACCESS subcommand simulates validation for users that match UID masks on rule line(s). If a user's UID matches the UID mask on a given rule line, the user is not listed after subsequent rule lines that contain a matching UID mask. The exceptions to this rule are the rule lines that contain environment variables- such as, PROGRAM, SHIFT, RECCHECK, LIB, etc. When these parameters are found on rule lines and a user has not matched a previous rule line that do not contain environment variables, the ACCESS subcommand's output will list the user after the matching rule lines, until a matching rule line is encountered that does not contain environment variables. This rule line is the last rule line that the user will be listed under. The ACCESS subcommand will also process through any NEXTKEY's that are in the rules. Currently, the ACCESS command will not process Keys that have been modified by Exits.
The GSO OPTS ACCESS|NOACCESS Option needs to be enabled. This specifies whether the ACCESS subcommand is enabled for processing. The default is NOACCESS.
Note: A refresh of the OPTS record and an F ACF2,NEWUID operator command is required to build the LID/UID cross- reference table. This command needs to be issued anytime you add logonid records or update their uid string. This command updates the in storage UID table used by the ACCESS command.