How do I determine if our site needs to utilize the RULELONG facility of CA ACF2 Security?

Document ID : KB000053596
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

A site can determine the need to increase the 4K rulesize to a larger size with RULELONG by evaluating their current access and resource rules.

Solution:

RULELONG allows for access and resource rules greater than 4K up to a maximum of 32K. The first thing to determine is do you really need to increase the size of the rules. If you only have 3-6 rules that are over 4K, then you would be better off leaving the rules at 4k, and making these few rules and their NEXTKEYS as resident, either in RESRULES or INFODIR depending on the type. If you have many rules that are over 4K or a large number of rules that are approaching the NEXTKEY nesting limit of 25 then you may want to increase the rulesize.

There are two REXX EXECs in ACF2.CAIREXX that can be used to determine the size of resource and access rules and sort them from largest to smallest. The REXX EXEC ACFRSCSZ can be used for resource rules and ACFDSNSZ can be used for access rules.

For detailed steps on implementing RULELONG see the CA ACF2 for z/OS Installation Guide, Step 14: Create CA ACF2 VSAM Databases, item 6.