How do I use the RECKEY Subcommand to add a rule entry, $USERDATA, $PREFIX or $MEMBER to an existing rule?

Document ID : KB000011494
Last Modified Date : 26/07/2018
Show Technical Document Details
Question:

How do I use the RECKEY Subcommand to add a rule entry, $USERDATA, $PREFIX or $MEMBER to an existing rule, or insert a new rule?

Answer:

The RECKEY subcommand assists security administrators in maintaining rule sets and compiled infostorage rule records. This subcommand allows the user to decompile, add, delete or modify a rule entry, recompile, and store the updated rule set with one command. This command can be used in any ACF mode that handles compiled records and it executes on other CPF-defined nodes The RECKEY command supports the control statements for resource and access rules (control statements that start with the dollar sign ($) or the percent symbol (%)) including the $USERDATA, $PREFIX or $MEMBER control statements.

NOTE:  If the rule does not exist, RECKEY will insert the new rule.

The following examples demonstrate how to add a rule entry, and $USERDATA, $PREFIX and $MEMBER control statements to an ACCESS and a RESOURCE rule.

Sample RECKEY command to add a rule entry for TEST.QUAL3 to ACCESS rule TEST:

set rule
DECOMP TEST                                                            
ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
ACF75051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED        

RECKEY TEST ADD( QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A))  
ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
ACF70010 ACF COMPILER ENTERED                                      
******** ACCESS RULE TEST STORED BY USER02 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
 QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A)                  
ACF70051 TOTAL RECORD LENGTH= 158 BYTES, 3 PERCENT UTILIZED        
ACF60207 RULE TEST REPLACED
           

Sample RECKEY command to add $card to ACCESS Rule 

SET RULE
decomp *                                                          
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:54    
$KEY(TEST)                                                        
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                         
ACF75051 TOTAL RECORD LENGTH= 102 BYTES, 2 PERCENT UTILIZED       

reckey test add($userdata(my comment))                         
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57  
ACF70010 ACF COMPILER ENTERED                                 
******** ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57 
$KEY(TEST)                                                     
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                      
ACF70051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED    
ACF60207 RULE TEST REPLACED

Sample RECKEY command to add a rule entry for TEST.QUAL3.- to resource rule TESTRSC:

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED

reckey testrsc add( qual3.- uid(user3) allow)
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59 
$KEY(TESTRSC) TYPE(TST)                                        
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) ALLOW                                          
 QUAL3.- UID(USER3) ALLOW                                      
ACF70051 TOTAL RECORD LENGTH= 254 BYTES, 6 PERCENT UTILIZED    
ACF60207 RULE R TST TESTRSC REPLACED      
                     

Sample RECKEY command to add $card to RESOURCE rule  

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED           
reckey  add($PREFIX(TEST***))                             
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59    
ACF70010 ACF COMPILER ENTERED                                        
******** RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$PREFIX(TEST***)                                               
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF70051 TOTAL RECORD LENGTH= 218 BYTES, 5 PERCENT UTILIZED           
ACF60207 RULE R TST TESTRSC REPLACED

Sample RECKEY command to insert an ACCESS Rule 

RULE
reckey test add( qual1.- uid(user1) read(a)) 
ACF70010 ACF COMPILER ENTERED                                                
$KEY(TEST)                                                                   
 QUAL1.- UID(USER1) READ(A)                                                  
ACF70050 IN ONE OR MORE RULES, THE EXECUTE ACCESS WAS SET TO THE READ ACCESS 
ACF70051 TOTAL RECORD LENGTH= 110 BYTES, 2 PERCENT UTILIZED                  
ACF60207 RULE TEST INSERTED 
                                                 

Sample RECKEY command to insert a RESOURCE Rule

set resource(tst)                                                 
RESOURCE                                                         
reckey test add( qual2.- uid(user1) allow)                        
ACF67030 INVALID OPERAND - ADD                                   
RESOURCE                                                         
ACF70010 ACF COMPILER ENTERED                                    
$KEY(TEST) TYPE(TST)                                             
 QUAL2.- UID(USER1) ALLOW                                        
ACF70051 TOTAL RECORD LENGTH= 214 BYTES, 5 PERCENT UTILIZED      
ACF60207 RULE R TST TEST INSERTED 

Additional Information:
Details on the RECKEY subcommand can be found in the CA ACF2 for z/OS documentation:
 
https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-rules/access-rules/process-access-rules-using-the-acf-command-and-ispf-panels
https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-rules/resource-rules/process-resource-rules-using-the-acf-command-and-ispf-panel