Can I use extended resource rules for CA-ACF2 DB2 rules?

Document ID : KB000026098
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Can I use extended resource rules when writing CA-ACF2 DB2 rules? We are new with the CA-ACF2 DB2 product and have just installed CA-ACF2 DB2 1.3.

Answer:

Extended resource rule support is part of the CA-ACF2 DB2 rule writing process. You can either write the DB2 rule key with the full resource name or write the rule key with the first index of the resource name. The following examples show how to write CA-ACF2 DB2 rules:

ACF set c(db2) sysid(xxxx) type(TBL)

Note: "xxxx" is the DB2 subsystem (1 - 4 characters), and "type" identifies the 3 character code associated with the DB2 resource.

The following TBL rule uses the full TBL name in the $KEY option:

$KEY(VDPS2.V***********************) TYPE(TBL) SYSID(xxxx)       
UID(**0106***KGXE7) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW  
UID(**0106***KSDF4***F) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW   
UID(**0106***KSDF****A) SERVICE(SELECT) ALLOW 
UID(**0106***KSDF) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW  

You can also write the above TBL rule by using the extended rule process:

$KEY(VDPS2) TYPE(TBL) SYSID(xxxx)  
V- UID(**0106***KGXE7) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW 
V- UID(**0106***KSDF4***F) SERVICE(DELETE,INSERT,SELECT,UPDATE)  ALLOW       
V- UID(**0106***KSDF****A) SERVICE(SELECT) ALLOW  
V- UID(**0106***KSDF) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW 

The CA-ACF2 DB2 Administration Guide, the chapter on Writing Rules, documents detailed information related to writing CA-ACF2 DB2 rules. Also, the chapter on Maintaining Resource Rules, in the CA-ACF2 Administration Guide contains additional information related to extended resource rules.