Unloading the Security Information › Run the Unload Utility › Control Statements › INCLUDE/EXCLUDE Control Statements—Filter Resources

INCLUDE/EXCLUDE Control Statements—Filter Resources

Resource classes and resource entities can be specified on INCLUDE and EXCLUDE statements to allow a subset of resource permissions to be loaded into the repository. If ACID filtering is also being used, no resource permissions are loaded for ACIDs that are being excluded from the repository. If an ACID is included in the repository, resource filtering can control which permissions are loaded.

If multiple INCLUDE and EXCLUDE statements match a resource, the most specific statement is used. The following list is the order of most specific to least specific:

• INCLUDE/EXCLUDE RESCLASS(resclass) RES(entity)
• INCLUDE/EXCLUDE RESCLASS(resclass) RESPRFX(entityprefix)
• INCLUDE/EXCLUDE RESCLASS(resclass)
• INCLUDE/EXCLUDE ALLRES

Note: Resource filtering only applies to resource permissions. All resource ownerships are always loaded into the repository.

If multiple INCLUDE/EXCLUDE RESCLASS(resclass) RESPRFX(entityprefix) statements are specified for the same resource class, the longest entityprefix is considered more specific. If the same resource class and resource entity or prefix is specified on both an INCLUDE and an EXCLUDE statement, the INCLUDE statement is used.

INCLUDE ALLRES

All resources are loaded into the CIA repository unless a more specific EXCLUDE statement applies.

Default: INCLUDE ALLRES is the default and is in effect unless an EXCLUDE ALLRES is specified.

EXCLUDE ALLRES

No resource permissions are loaded into the CIA repository except for resources specified on INCLUDE statements.

INCLUDE RESCLASS(resclass) RES(entity)

The specified resource is included in the repository. Permissions that exactly match the specified entity are included in the repository. resclass is the resource class name. entity is the resource entity.

Limits: resclass—1 to 8 characters, masking is not allowed. entity—1 to 255 characters; masking characters can be used but are not used as a mask but rather will match a masked permission.

EXCLUDE RESCLASS(resclass) RES(entity)

The specified resource is excluded from the repository. Permissions that exactly match the specified entity are excluded from the repository.

Limits: resclass—1 to 8 characters, masking is not allowed. entity—1 to 255 characters; masking characters can be used but are not used as a mask but rather will match a masked permission.

INCLUDE RESCLASS(resclass) RESPRFX(entityprefix)

All resources that match the entity prefix are included in the repository unless a more specific EXCLUDE statement applies.

Limits: resclass—1 to 8 characters, masking is not allowed. entity—1 to 255 characters; masking characters can be used but are not used as a mask but rather will match a masked permission.

EXCLUDE RESCLASS(resclass) RESPRFX(entityprefix)

All resources that match the entity prefix are excluded from the repository unless a more specific INCLUDE statement applies.

Limits: resclass—1 to 8 characters, masking is not allowed. entity—1 to 255 characters; masking characters can be used but are not used as a mask but rather will match a masked permission.

INCLUDE RESCLASS(resclass)

All resources in the specified resource class are included in the repository unless a more specific EXCLUDE statement applies.

Limits: 1 to 8 characters; masking is not allowed.

EXCLUDE RESCLASS(resclass)

All resources in the specified resource class are excluded from the repository unless a more specific INCLUDE statement applies.

Limits: 1 to 8 characters; masking is not allowed.