ACF2 AUTOERAS feature not deleting all data for all types. I have set PROCESS(SAF)

Document ID : KB000033271
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

 I have an AUTOERAS record created to delete VSAM and NON-VSAM data:

 

**** / AUTOERAS LAST CHANGED BY logonid ON mm/dd/yy-hh:mm

NOERASEALL NONON-VSAM PROCESS(SAF) NOSECLEVEL SECLVL(0) 

VOLS(VOL001) NOVSAM 

 

I would like to get this to work for all volumes, whether SMS or non-SMS controlled.  I created a profile record to test:

 

set profile(erase) division(profile) 

PROFILE 

list like(-) 

ACFAB072 PROFILE TESTIT STORED BY logonid ON mm/dd/yy-hh:mm

$KEY(TESTIT) 

AUTOERAS.- ACTION(ERASE) 

ACFAB051 TOTAL RECORD LENGTH= 163 BYTES, 3 PERCENT UTILIZED

 

This is working for non-VSAM files on non-SMS volumes, but does not work for non-VSAM on SMS volumes, or VSAM files on either type of volume.

 

Cause: 

For the other three types of datasets to be erased, the catalog SVC, SVC026 must be active.  By default that is set to ignore with ACF2.

 

CATAUTH JOBNAME=******** USERID=******** PROGRAM=******** RB=SVC026 

               RETCODE=4 SAFDEF=INTERNAL MODE=IGNORE SUBSYS=ACF2 

               FUNCRET=4 FUNCRSN=0 

 

               RACROUTE REQUEST=AUTH,CLASS='DATASET' 

 

Resolution: 

To have catalog validation active, you will need to insert a SAFDEF record to override the internal one.  As an example:

set control(gso)

CONTROL

insert safdef.svc026 id(svc026) rb(svc026) mode(global) racroute(request=auth,class=dataset)

 

Since this will turn on validation for all catalog calls, you will need to create some rules to give access to the master and user catalogs.  For an example, let us use MASTER.CATALOG and USER.CATALOG as the dataset names:

 

$KEY(MASTER)

CATALOG UID(uid string of sysprog) R(A) W(A) A(A) E(A)  <== only the sysprog and security should need access.

 

$KEY(USER)

CATALOG UID(uid string of sysprog) R(A) W(A) A(A) E(A)  <== only the sysprog and security need full access

CATALOG UID(-) R(A) W(A) A(P) E(A) <== everyone else will need to read and write to the user catalog

 

Now you need to activate the SAFDEF record:

F ACF2,REFRESH(SAFDEF) 

At this point, catalogs will be validated, and the AUTOERAS record will work for all 4 types, non-VSAM and VSAM on an SMS volume, and non-VSAM and VSAM on a non-SMS volume.  If you run a SECTRACE, you should see an entry for the data to be eraced that looks like this:

TRACEID: TEST EVENT#: 00037360 

JOBNAME: BATCHTST USERID: TESTID ASID: 004B 

PROGRAM: ISRUDL RB CURR: SVC029 APF: YES SFR/RFR: 0/0:4 

SAFDEF: +ENFORCE INTERNAL MODE: GLOBAL 

RACROUTE REQUEST=AUTH,CLASS='DATASET',RELEASE=1.9,RACFIND=NO, 

STATUS=ERASE,ATTR=ALTER,DSTYPE=N, 

ENTITY=('TESTIT.AUTOERAS.DATA'),FILESEQ=0, 

GENERIC=ASIS,LOG=NOFAIL,MSGSP=0,TAPELBL=STD, 

VOLSER='MVSTST',WORKA=