How you define a SCOPE record to allow user access to several specific INFOSTG records but prevent access to all others?

Document ID : KB000026327
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

How you define a SCOPE record to allow user access to several specific INFOSTG records but prevent access to all others?

 

Description:

ACF2 SCOPE INF records can be used to allow/limit a user's access to records in the ACF2 INFOSTG database.

 

Answer:

The INF parameter of the SCOPE record is used to limit/allow access to records in the ACF2 INFOSTG database.
The format of the INF record is as follows.

INF(ctttk)
    | | |     
    | | k Record ID name ie. ACFM, PAYROLL, OPTS
    | | 
    |ttt Type code (ie. GSO, PLN, SGP, EXP, AUT, DSN, SAF, SCP, ZON, RGP).
    |
    c Storage class (C, D, E, F, I, P, R, S, T, X)

The following tables list the different types and descriptions for the 10 Storage Classes that can be specified in the SCOPE INF record along with samples.

You can specify a single value or a list of values using the ACF2 masking characters asterisk (*) and dash (-). If the dash (-) mask character is used anywhere except at the end of an INF parameter, it is taken as a literal character. To use masking in the middle of an INF parameter, you must use the asterisk (*). For example, INF(RSAFTEST.****.RESOURCE) can be used to mask a four-character second level resource

Storage class: C Control records 
Type  Description 
????  ?????????????????????????????????????????????????????
LDS   LDAP Directory Services * See note
GSO   Global System Options * See note
CPF   Command Propagation * See note
CAC   Cache Records * See note
NET   Distributed Database Records * See note
SMS   Storage Management Class Records
TSO   TSO Full-Screen Logon Retention Records  
 
Sample: INF(CLDS-, CGSO-, CCPF-, CCAC-, CNET-, CSMS-, and CTSO- )

* Note: These control records include the SYSID in the INF parameter.

INF(ctttssssssssk)
    | |    |    |
    | |    |    k Record ID name ie. ACFM, PAYROLL, OPTS
    | |    |
    | | ssssssss Sysid name on which cross-reference records reside.
    | | 
    |ttt Type code (ie. GSO, PLN, SGP, EXP, AUT, DSN, SAF, SCP, ZON, RGP).
    |
    c Storage class (C, D, E, F, I, P, R, S, T, X)
Storage class: D DB2 records  
Type  Description     
????  ?????????????????????????????????????????????????????
BPL   Buffer Pools
COL   Collections
DBS   Databases
FNC   Functions (DB2 Version 6.1 and above)
JAR   JAR files (DB2 Version 7.1 and above)
PKG   Packages
PLN   Application Plans
PRC   Stored Procedures (DB2 Version 6.1 and above)
SCH   Schemas (DB2 Version 6.1 and above)
SEQ   Sequences
STG   Storage Groups
SYS   System Privileges and Utilities
TBL   Tables (and views)
TSP   Table Spaces
TYP   Distinct Types (DB2 Version 6.1 and above)
 
Sample: INF(DBPL-, DSNA-)
Storage class: E Entry records 
Type  Description  
????  ?????????????????????????????????????????????????????
SGP   Entry Source Group Records
SRC   Entry Source Records
Sample: INF(ESGP-, ESRC-, )
 
Storage class: F Field records 
Type  Description 
????  ??????????????????????????????????????? 
REC   RECORD Definition Records
Sample: INF(FREC-)
 
Storage class: I Identity records 
Type  Description 
????  ??????????????????????????????????????? 
AUT   Identity Records
Sample: INF(IAUT-)
 
Storage class: P Profile records
Type  Description          
????  ??????????????????????????????????????? 
ALU   APPCLU Records
DSN   DATASET Records
DLF   DLFCLASS Records
GRP   GROUP Records
KEY   KEYSMSTR Records
PTK   PTKTDATA Records
SDB   SDB2 Records
SEC   SECLABEL Records
SMV   SYSMVIEW Records
USR   USER Records
 
Sample: INF(PUSROMVS-, PGRP-)
 
Storage class: R Resource rule records 
Type  Description    
????  ??????????????????????????????????????? 
xxx   Type Code for rsource class
SAF   SAF Resource Class
Sample: INF(RSAF-,RFACIRR.DIG****.-)
 
Storage class: S Scope records 
Type  Description   
????  ??????????????????????????????????????? 
SCP   Scope Records
Sample: INF(sscp-)
 
Storage class: T Shift records 
Type  Description    
????  ???????????????????????????????????????    
SFT   Shift Records
ZON   Zone Records
Sample: INF(tsft-)
 
 
Storage class: X Cross-reference records 
Type  Description    
????  ???????????????????????????????????????
SGP   XREF Source Group Records
RGP   XREF Group Group Records
Sample: INF(xsgp-, xrgp-)

Sample INSERT of a SCOPE record with the INF paramater.
 
 ACF
set scope(scp)
 SCOPE
insert scope1 dsn(payroll) lid(act-) uid(1h*pr-) INF(ESRC-,XSGP-,PUSROMVS-, RFACIRR.DIG****.-)

Note:

ACF2 loads scope records into storage at initialization time. Any changes you make to these records once CA-ACF2 for z/OS is running (like adding a new record, changing an existing record, or deleting a record) do not take effect until you rebuild the records and the users address space is cycled. To rebuild scope records dynamically, issue the following operator command. After issuing the command have the user log off and log back on. F ACF2,REBUILD(SCP),CLASS(S)