How do I use the RECKEY Subcommand to add a rule entry, $USERDATA, $PREFIX or $MEMBER to an existing rule?

Document ID : KB000011494
Last Modified Date : 17/05/2018
Show Technical Document Details
Question:

How do I use the RECKEY Subcommand to add a rule entry, $USERDATA, $PREFIX or $MEMBER to an existing rule, or insert a new rule?

Answer:

 

The RECKEY subcommand assists security administrators in maintaining rule
sets and compiled infostorage rule records. This subcommand allows the user
to decompile, add, delete or modify a rule entry, recompile, and store the
updated rule set with one command. This command can be used in any ACF mode
that handles compiled records and it executes on other CPF-defined nodes.
The RECKEY command supports the control statements for resource and access
rules (control statements that start with the dollar sign ($) or the
percent symbol (%)) including the $USERDATA, $PREFIX or $MEMBER control
statements.

 

NOTE:  If the rule does not exist, RECKEY will insert the new rule.

 

The following examples demonstrate how to add a rule entry, and $USERDATA, $PREFIX and

 

$MEMBER control statements to an ACCESS and a RESOURCE rule.

 

 

 

Sample RECKEY command to add a rule entry for TEST.QUAL3 to ACCESS rule TEST:

 

set rule
DECOMP TEST                                                            
ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
ACF75051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED        

 

RECKEY TEST ADD( QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A))  

 

ACF75052 ACCESS RULE TEST STORED BY USER002 ON 04/01/16-10:58      
ACF70010 ACF COMPILER ENTERED                                      
******** ACCESS RULE TEST STORED BY USER02 ON 04/01/16-10:58      
$KEY(TEST)                                                         
$USERDATA(MY COMMENT)                                              
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                           
 QUAL3.- UID(***USER002) READ(A) WRITE(A) EXEC(A)                  
ACF70051 TOTAL RECORD LENGTH= 158 BYTES, 3 PERCENT UTILIZED        
ACF60207 RULE TEST REPLACED           

 

                             

 

Sample RECKEY command to add $card to ACCESS Rule 

 

SET RULE
decomp *                                                          
ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:54    
$KEY(TEST)                                                        
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                         
ACF75051 TOTAL RECORD LENGTH= 102 BYTES, 2 PERCENT UTILIZED       

 

reckey test add($userdata(my comment))                         

 

ACF75052 ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57  
ACF70010 ACF COMPILER ENTERED                                 
******** ACCESS RULE TEST STORED BY TEST002 ON 04/01/16-10:57 
$KEY(TEST)                                                     
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) READ(A) WRITE(A) EXEC(A)                      
ACF70051 TOTAL RECORD LENGTH= 114 BYTES, 2 PERCENT UTILIZED    
ACF60207 RULE TEST REPLACED

 

 

 

Sample RECKEY command to add a rule entry for TEST.QUAL3.- to resource rule TESTRSC:

 

SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED

 

reckey testrsc add( qual3.- uid(user3) allow)

 

ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59 

 

$KEY(TESTRSC) TYPE(TST)                                        
$USERDATA(MY COMMENT)                                          
 QUAL2.- UID(*) ALLOW                                          
 QUAL3.- UID(USER3) ALLOW                                      
ACF70051 TOTAL RECORD LENGTH= 254 BYTES, 6 PERCENT UTILIZED    
ACF60207 RULE R TST TESTRSC REPLACED                           

 

 

 

Sample RECKEY command to add $card to RESOURCE rule  
SET RESOURCE(TST)
decomp *                                                              
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF75051 TOTAL RECORD LENGTH= 206 BYTES, 5 PERCENT UTILIZED           
reckey  add($PREFIX(TEST***))                             
ACF75052 RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59    
ACF70010 ACF COMPILER ENTERED                                        
******** RESOURCE RULE TESTRSC STORED BY TEST002 ON 04/01/16-10:59   
$KEY(TESTRSC) TYPE(TST)
$PREFIX(TEST***)                                               
$USERDATA(MY COMMENT)                                                 
 QUAL2.- UID(*) ALLOW                                                
ACF70051 TOTAL RECORD LENGTH= 218 BYTES, 5 PERCENT UTILIZED           
ACF60207 RULE R TST TESTRSC REPLACED

 

 

 

Sample RECKEY command to insert an ACCESS Rule 
RULE
reckey test add( qual1.- uid(user1) read(a)) 
ACF70010 ACF COMPILER ENTERED                                                
$KEY(TEST)                                                                   
 QUAL1.- UID(USER1) READ(A)                                                  
ACF70050 IN ONE OR MORE RULES, THE EXECUTE ACCESS WAS SET TO THE READ ACCESS 
ACF70051 TOTAL RECORD LENGTH= 110 BYTES, 2 PERCENT UTILIZED                  
ACF60207 RULE TEST INSERTED                                                  

 

 

 

Sample RECKEY command to insert a RESOURCE Rule
set resource(tst)                                                 
RESOURCE                                                         
reckey test add( qual2.- uid(user1) allow)                        
ACF67030 INVALID OPERAND - ADD                                   
RESOURCE                                                         
ACF70010 ACF COMPILER ENTERED                                    
$KEY(TEST) TYPE(TST)                                             
 QUAL2.- UID(USER1) ALLOW                                        
ACF70051 TOTAL RECORD LENGTH= 214 BYTES, 5 PERCENT UTILIZED      
ACF60207 RULE R TST TEST INSERTED 

 

 

 

Additional Information:
Details on the RECKEY subcommand can be found in the CA ACF2 for z/OS documentation:
 
https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-rules/access-rules/process-access-rules-using-the-acf-command-and-ispf-panels
https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-rules/resource-rules/process-resource-rules-using-the-acf-command-and-ispf-panel