I have compiled and stored a new rule. When testing the rule with the ACF2 ISPF panel ACFTEST we are getting the message "NO RULE APPLIES" even though the rule exists, why?

Document ID : KB000025332
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

I have compiled and stored a new rule. When testing the rule with the ACF2 ISPF panel ACFTEST we are getting the message "NO RULE APPLIES" even though the rule exists, why?

 

Description:

The ACF2 ISPF panel A.1.3 "ACFTEST - eTrust CA-ACF2 Security ACCESS RULE TEST FACILITY" is used to test resource rules.
The message "NO RULE APPLIES" indicates no rule entry matching the environment of the request was found in the rule set.

 

Answer:

The A.1.3 panel "ACFTEST - eTrust CA-ACF2 Security ACCESS RULE TEST FACILITY" allows for the specification of either the LOGONID or the UID string for a LOGONID that is being TESTed.

Sample ACFTEST panel:

ACFTEST - ACFTEST - eTrust CA-ACF2 Security ACCESS RULE TEST FACILITY ---------
   COMMAND ===> 
   
   RULEID NAME TO BE TESTED:        DECOMPILE PRIOR TO TEST: 
   $KEY           ===>            DECOMP       ===> NO   YES/NO 
   DATA SET NAME TO BE TESTED: 
   DATA SET NAME  ===> 
   LOGONID OR UID STRING OF THE USER AGAINST WHICH THE RULE WILL BE TESTED 
   LOGONID        ===>            UID          ===> 
   
   ADDITIONAL PARAMETERS TO BE ASSOCIATED WITH THE TEST 
   TIME           ===>            VOLUME SERIAL  ===> 
   LIBRARY NAME   ===> 
   PROGRAM NAME   ===>            DDNAME         ===> 
   INPUT SOURCE   ===>            DATE           ===> 
   ACCESS         ===> READ       READ,WRITE,EXEC,ALLOC 
   NOPREFIX       ===> NO         YES/NO 
   ------------- ACFTEST OUTPUT DISPLAY AREA -------------------- 

Users should be careful when specifying either the LOGONID or the UID. If the UID string is specified in the LOGONID field or the LOGONID is specified in the UID field the test may fail with the "NO RULE APPLIES" message.

"NO RULE APPLIES" is not an indication that the rule set does not exist, it is an indication that no rule entry matching the environment of the request was found in the rule(set). If the rule set could not be found, the message "ACF03005 RULE RECORD NOT FOUND" would be issued.