What is the CA-ACF2 ACCESS Command and how do I use it?

Document ID : KB000026328
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

I was browsing the CA-ACF2 manuals and I see something about an ACCESS command. What is it? How is it used?

 

Answer:

  1. What is the access command?

    The ACCESS command is used to display 'who' has access to specific resource or dataset. The ACCESS subcommand lists each rule line that matches a given input resource and the users that match the UID mask on the rule line(s). The ACCESS subcommand simulates validation for users that match UID masks on rule line(s). If a user's UID matches the UID mask on a given rule line, the user is not listed after subsequent rule lines that contain a matching UID mask. The exceptions to this rule are the rule lines that contain environment variables- such as, PROGRAM, SHIFT, RECCHECK, LIB, etc. When these parameters are found on rule lines and a user has not matched a previous rule line that do not contain environment variables, the ACCESS subcommand's output will list the user after the matching rule lines, until a matching rule line is encountered that does not contain environment variables. This rule line is the last rule line that the user will be listed under. The ACCESS subcommand will also process through any NEXTKEY's that are in the rules.

  2. Syntax of the ACCESS subcommand:

    Access [Dsname(dsname)] [Resource(resourcename) Type(typecode) [Class(c)]
    [Sysid(sysid)]]

  3. How to enable the access command:

    The GSO OPTS ACCESS|NOACCESS Option needs to be enabled. This specifies whether the ACCESS subcommand is enabled for processing.
    The default is NOACCESS.

    Note: A refresh of the OPTS record and an F ACF2,NEWUID operator command is required to build the LID/UID cross- reference table. This command needs to be issued anytime you add logonid records or update their uid string. This command updates the in storage UID table used by the ACCESS command.

  4. ACCESS command - example:

    ? access dsname('SYSX.dummy')
    ACCESS Subcommand Results For: SYSX.DUMMY

    Key: SYSX

    Ruleline: - UID(*) LIB('SYS1.LINKLIB') PGM(IEBGENER) READ(A) WRITE(A) ALLOC(A) EXEC(A)
    Lids: All logonids Reason: The environment LIB and PGM are not checked.

    Ruleline: - UID(*) READ(A) WRITE(A) EXEC(A)
    Lids: All other logonids

The CA-ACF2 Administration Guide chapter 1, contains detailed documentation related to the ACCESS subcommand.