Writing Rules

CA ACF2 Option for DB2 controls access to DB2 resources in a number of ways. DB2 resources are protected because CA ACF2 Option for DB2 permits the user access to the resource only when one of the following is true:

A security administrator creates an CA ACF2 Option for DB2 rule entry that grants the user specific access to the resource.
The $UIDOWNER or $LIDOWNER control statement in the rule set defines the user as the owner of the resource.
The user has special override logonid privileges, such as NON‑CNCL or SECURITY.
The resource and access level are specified in a DB2 SAFELIST record.

This section contains the following topics:

What Is A DB2 Rule Set?

How Do You Specify CA ACF2 Option for DB2 Rules?

Can You Mask CA ACF2 Option for DB2 Rule Sets?

Can You Use Resource Grouping?

Cross-Reference Role Group (X-ROL) Records

CA ACF2 Resource Rule Validation

Which Rule Entry is Selected for $ROLESET Rules?

Use of NEXTKEY in Resource Rules

What Are Rule Directories?

How Do You Maintain Rules?

How Do You Maintain Rules Using ISPF?