How do I setup ACF2 rules for the IFASMF resource?

Document ID:  TEC1010875
Last Modified Date:  07/17/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA ACF2 for z/OS

Components

  • CA ACF2 for z/OS:ACF2MS
Question:

How do I setup ACF2 rules for the IFASMF resource?

Answer:

The IFASMF resource is used to check authority to read the SMF log stream or in-memory resource.

With ACF2 resources do not need to be defined, all resources are protected by default.

The following provide details on setting up ACF2 rules for the IFASMF resource.

Read the SMF Log Stream

You must give this user ID the READ authority to the profile that you set up to secure your SMF log stream or in-memory resource, where IFASMF.resource is the name of the SMF log stream or in-memory resource that is being used to capture SMF records 

PERMIT IFASMF.resource CLASS(LOGSTRM) ACCESS(READ) ID(userid) 

The ACF2 equivalent:

The default resource type for LOGSTRM is SAF. If you want to use a different type code, insert a GSO CLASMAP record as follows:

ACF
SET CONTROL(GSO)
INSERT CLASMAP.logstrm RESOURCE(LOGSTRM) RSRCTYPE(log)
F ACF2,REFRESH(CLASMAP)

Where log is the type code you select.

Sample ACF2 Rule:

ACF
SET RESOURCE(LOG)
RECKEY IFASMF ADD( resource UID(userid) SERVICE(READ) ALLOW)

* where userid is the UID string of the logonid accessing the resource.

Read the In-Memory Resource

PERMIT IFA.IFASMF.resource CLASS(FACILITY) ACCESS(READ) ID(userid) 

where userid is the user ID associated with the System Data Engine. 

Sample ACF2 Rule:

ACF
SET RESOURCE(FAC)
RECKEY IFA ADD( IFASMF.resource UID(userid) SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)

* where userid is the UID string of the logonid associated with the System Data Engine

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing